<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="common/css/sf.css" rel="stylesheet" type="text/css" />
<title>References: Typing Mutable References</title>
<link href="common/jquery-ui/jquery-ui.css" rel="stylesheet">
<script src="common/jquery-ui/external/jquery/jquery.js"></script>
<script src="common/jquery-ui/jquery-ui.js"></script>
<script src="common/toggleproofs.js"></script>
<link href="common/css/plf.css" rel="stylesheet" type="text/css"/>
</head>

<body>

<div id="page">

<div id="header">
<div id='logoinheader'><a href='https://softwarefoundations.cis.upenn.edu'>
<img src='common/media/image/sf_logo_sm.png' alt='Software Foundations Logo'></a></div>
<div class='booktitleinheader'><a href='index.html'>Volume 2: Programming Language Foundations</a></div>
<ul id='menu'>
   <li class='section_name'><a href='toc.html'>Table of Contents</a></li>
   <li class='section_name'><a href='coqindex.html'>Index</a></li>
   <li class='section_name'><a href='deps.html'>Roadmap</a></li>
</ul>
</div>

<div id="main">

<h1 class="libtitle">References<span class="subtitle">Typing Mutable References</span></h1>


<div class="doc">

<div class="paragraph"> </div>

 Up to this point, we have considered a variety of <i>pure</i>
    language features, including functional abstraction, basic types
    such as numbers and booleans, and structured types such as records
    and variants.  These features form the backbone of most
    programming languages -- including purely functional languages
    such as Haskell and "mostly functional" languages such as ML, as
    well as imperative languages such as C and object-oriented
    languages such as Java, C<span class="inlinecode">#</span>, and Scala.

<div class="paragraph"> </div>

    However, most practical languages also include various <i>impure</i>
    features that cannot be described in the simple semantic framework
    we have used so far.  In particular, besides just yielding
    results, computation in these languages may assign to mutable
    variables (reference cells, arrays, mutable record fields, etc.);
    perform input and output to files, displays, or network
    connections; make non-local transfers of control via exceptions,
    jumps, or continuations; engage in inter-process synchronization
    and communication; and so on.  In the literature on programming
    languages, such "side effects" of computation are collectively
    referred to as <i>computational effects</i>.

<div class="paragraph"> </div>

    In this chapter, we'll see how one sort of computational effect --
    mutable references -- can be added to the calculi we have studied.
    The main extension will be dealing explicitly with a <i>store</i> (or
    <i>heap</i>) and <i>pointers</i> that name store locations.  This extension
    is fairly straightforward to define; the most interesting part is
    the refinement we need to make to the statement of the type
    preservation theorem. 
</div>
<div class="code">

<span class="id" title="keyword">Set</span> <span class="id" title="var">Warnings</span> "-notation-overridden,-parsing,-deprecated-hint-without-locality".<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#"><span class="id" title="library">Strings.String</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#"><span class="id" title="library">Init.Nat</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Arith.html#"><span class="id" title="library">Arith.Arith</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.PeanoNat.html#"><span class="id" title="library">Arith.PeanoNat</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.micromega.Lia.html#"><span class="id" title="library">Lia</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">PLF</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <span class="id" title="library">Maps</span>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">PLF</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="Smallstep.html#"><span class="id" title="library">Smallstep</span></a>.<br/>
<span class="id" title="keyword">From</span> <span class="id" title="var">Coq</span> <span class="id" title="keyword">Require</span> <span class="id" title="keyword">Import</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#"><span class="id" title="library">Lists.List</span></a>.<br/>
<span class="id" title="keyword">Import</span> <span class="id" title="var">Nat</span>.<br/>
</div>

<div class="doc">
<a id="lab381"></a><h1 class="section">Definitions</h1>

<div class="paragraph"> </div>

 Pretty much every programming language provides some form of
    assignment operation that changes the contents of a previously
    allocated piece of storage.  (Coq's internal language Gallina is a
    rare exception!)

<div class="paragraph"> </div>

    In some languages -- notably ML and its relatives -- the
    mechanisms for name-binding and those for assignment are kept
    separate.  We can have a variable <span class="inlinecode"><span class="id" title="var">x</span></span> whose <i>value</i> is the number
    <span class="inlinecode">5</span>, or we can have a variable <span class="inlinecode"><span class="id" title="var">y</span></span> whose value is a
    <i>reference</i> (or <i>pointer</i>) to a mutable cell whose current
    contents is <span class="inlinecode">5</span>.  These are different things, and the difference
    is visible to the programmer.  We can add <span class="inlinecode"><span class="id" title="var">x</span></span> to another number,
    but not assign to it.  We can use <span class="inlinecode"><span class="id" title="var">y</span></span> to assign a new value to the
    cell that it points to (by writing <span class="inlinecode"><span class="id" title="var">y</span>:=84</span>), but we cannot use <span class="inlinecode"><span class="id" title="var">y</span></span>
    directly as an argument to an operation like <span class="inlinecode">+</span>.  Instead, we
    must explicitly <i>dereference</i> it, writing <span class="inlinecode">!<span class="id" title="var">y</span></span> to obtain its
    current contents.

<div class="paragraph"> </div>

    In most other languages -- in particular, in all members of the C
    family, including Java -- <i>every</i> variable name refers to a
    mutable cell, and the operation of dereferencing a variable to
    obtain its current contents is implicit.

<div class="paragraph"> </div>

    For purposes of formal study, it is useful to keep these
    mechanisms separate.  The development in this chapter will closely
    follow ML's model.  Applying the lessons learned here to C-like
    languages is a straightforward matter of collapsing some
    distinctions and rendering some operations such as dereferencing
    implicit instead of explicit. 
</div>

<div class="doc">
<a id="lab382"></a><h1 class="section">Syntax</h1>

<div class="paragraph"> </div>

 In this chapter, we study adding mutable references to the
    simply-typed lambda calculus with natural numbers. 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="STLCRef" class="idref" href="#STLCRef"><span class="id" title="module">STLCRef</span></a>.<br/>
</div>

<div class="doc">
The basic operations on references are <i>allocation</i>,
    <i>dereferencing</i>, and <i>assignment</i>.

<div class="paragraph"> </div>

<ul class="doclist">
<li> To allocate a reference, we use the <span class="inlinecode"><span class="id" title="var">ref</span></span> operator, providing
         an initial value for the new cell.  For example, <span class="inlinecode"><span class="id" title="var">ref</span></span> <span class="inlinecode">5</span>
         creates a new cell containing the value <span class="inlinecode">5</span>, and reduces to
         a reference to that cell.

<div class="paragraph"> </div>


</li>
<li> To read the current value of this cell, we use the
         dereferencing operator <span class="inlinecode">!</span>; for example, <span class="inlinecode">!(<span class="id" title="var">ref</span></span> <span class="inlinecode">5)</span> reduces
         to <span class="inlinecode">5</span>.

<div class="paragraph"> </div>


</li>
<li> To change the value stored in a cell, we use the assignment
         operator.  If <span class="inlinecode"><span class="id" title="var">r</span></span> is a reference, <span class="inlinecode"><span class="id" title="var">r</span></span> <span class="inlinecode">:=</span> <span class="inlinecode">7</span> will store the
         value <span class="inlinecode">7</span> in the cell referenced by <span class="inlinecode"><span class="id" title="var">r</span></span>. 

</li>
</ul>
</div>

<div class="doc">
<a id="lab383"></a><h3 class="section">Types</h3>

<div class="paragraph"> </div>

 We start with the simply typed lambda calculus over the
    natural numbers. Besides the base natural number type and arrow
    types, we need to add two more types to deal with
    references. First, we need the <i>unit type</i>, which we will use as
    the result type of an assignment operation.  We then add
    <i>reference types</i>. 
<div class="paragraph"> </div>

 If <span class="inlinecode"><span class="id" title="var">T</span></span> is a type, then <span class="inlinecode"><span class="id" title="var">Ref</span></span> <span class="inlinecode"><span class="id" title="var">T</span></span> is the type of references to
    cells holding values of type <span class="inlinecode"><span class="id" title="var">T</span></span>.
<pre>
      T <span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>:</span>:</span>=</span> Nat
          | Unit
          | T → T
          | Ref T
</pre>
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="STLCRef.ty" class="idref" href="#STLCRef.ty"><span class="id" title="inductive">ty</span></a> : <span class="id" title="keyword">Type</span> :=<br/>
&nbsp;&nbsp;| <a id="STLCRef.Ty_Nat" class="idref" href="#STLCRef.Ty_Nat"><span class="id" title="constructor">Ty_Nat</span></a>   : <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.Ty_Unit" class="idref" href="#STLCRef.Ty_Unit"><span class="id" title="constructor">Ty_Unit</span></a>  : <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.Ty_Arrow" class="idref" href="#STLCRef.Ty_Arrow"><span class="id" title="constructor">Ty_Arrow</span></a> : <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.Ty_Ref" class="idref" href="#STLCRef.Ty_Ref"><span class="id" title="constructor">Ty_Ref</span></a>   : <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#ty:1"><span class="id" title="inductive">ty</span></a>.<br/>
</div>

<div class="doc">
<a id="lab384"></a><h3 class="section">Terms</h3>

<div class="paragraph"> </div>

 Besides variables, abstractions, applications,
    natural-number-related terms, and <span class="inlinecode"><span class="id" title="var">unit</span></span>, we need four more sorts
    of terms in order to handle mutable references:
<pre>
      t <span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>:</span>:</span>=</span> ...              Terms
          | ref t              allocation
          | !t                 dereference
          | t := t             assignment
          | l                  location
</pre>

</div>
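<div class="doc">
The three reference operations (allocation, dereferencing, assignment), the <span class="inlinecode">Ref T</span> and <span class="inlinecode">Unit</span> types, and the four new term forms can be exercised together in a small executable model. The block below is an added example written for this page, not part of the Software Foundations development: it encodes terms and types as tagged tuples, models the store as a list indexed by location number, and threads a store typing <span class="inlinecode">sigma</span> (a parallel list giving each location's type) through the checker. The typing rules it implements for <span class="inlinecode">ref</span>, <span class="inlinecode">!</span>, <span class="inlinecode">:=</span> and locations are assumed to be the standard ones (<span class="inlinecode">ref t : Ref T</span> when <span class="inlinecode">t : T</span>, <span class="inlinecode">!t : T</span> when <span class="inlinecode">t : Ref T</span>, <span class="inlinecode">t1 := t2 : Unit</span>, and a location's type read from the store typing), which this excerpt does not yet state. The big-step evaluator, the sample programs, and the reduced arithmetic fragment (only <span class="inlinecode">succ</span>) are likewise constructed here.
</div>

```python
"""Type checker and evaluator for the STLC fragment with Nat, Unit and mutable
references described above (added example, not the Software Foundations code).
Terms/types are tuples tagged by constructor; the store is a list of values
indexed by location number; the store typing `sigma` is a parallel list of types."""

NAT, UNIT = ("Nat",), ("Unit",)      # other types: ("Arrow", T1, T2), ("Ref", T)

def _expect(actual, wanted, where):
    if actual != wanted:
        raise TypeError(f"{where}: expected {wanted}, got {actual}")

def typeof(gamma, sigma, t):
    """Type of t under context gamma and store typing sigma; TypeError if ill-typed."""
    tag = t[0]
    if tag == "var":
        if t[1] not in gamma:
            raise TypeError(f"unbound variable {t[1]}")
        return gamma[t[1]]
    if tag == "abs":                                   # \x:T, body
        _, x, T, body = t
        return ("Arrow", T, typeof({**gamma, x: T}, sigma, body))
    if tag == "app":
        f, a = typeof(gamma, sigma, t[1]), typeof(gamma, sigma, t[2])
        if f[0] != "Arrow" or f[1] != a:
            raise TypeError(f"cannot apply {f} to {a}")
        return f[2]
    if tag in ("const", "unit"):
        return NAT if tag == "const" else UNIT
    if tag == "succ":
        _expect(typeof(gamma, sigma, t[1]), NAT, tag)
        return NAT
    if tag == "ref":                                   # ref t : Ref T    when t : T
        return ("Ref", typeof(gamma, sigma, t[1]))
    if tag == "deref":                                 # !t : T           when t : Ref T
        T = typeof(gamma, sigma, t[1])
        if T[0] != "Ref":
            raise TypeError(f"dereferencing a non-reference of type {T}")
        return T[1]
    if tag == "assign":                                # t1 := t2 : Unit  when t1 : Ref T, t2 : T
        T1 = typeof(gamma, sigma, t[1])
        if T1[0] != "Ref":
            raise TypeError(f"assigning through a non-reference of type {T1}")
        _expect(typeof(gamma, sigma, t[2]), T1[1], tag)
        return UNIT
    if tag == "loc":                                   # loc l : Ref (sigma l)
        # A location is typed by the store typing, not by whatever value the store
        # currently holds (assumption: the rule the chapter introduces later).
        if t[1] >= len(sigma):
            raise TypeError(f"location {t[1]} is not in the store typing")
        return ("Ref", sigma[t[1]])
    raise TypeError(f"unknown term {t}")

def evaluate(env, store, t):
    """Big-step, call-by-value, left-to-right evaluation; mutates `store`."""
    tag = t[0]
    if tag == "var":
        return env[t[1]]
    if tag == "abs":
        return ("clo", t[1], t[3], env)                # closure over the current env
    if tag == "app":
        _, x, body, cenv = evaluate(env, store, t[1])
        arg = evaluate(env, store, t[2])
        return evaluate({**cenv, x: arg}, store, body)
    if tag == "succ":
        return ("const", evaluate(env, store, t[1])[1] + 1)
    if tag == "ref":                                   # allocation: fresh cell at the end
        store.append(evaluate(env, store, t[1]))
        return ("loc", len(store) - 1)
    if tag == "deref":                                 # dereference: read the cell
        return store[evaluate(env, store, t[1])[1]]
    if tag == "assign":                                # assignment: overwrite, yield unit
        loc = evaluate(env, store, t[1])[1]
        store[loc] = evaluate(env, store, t[2])
        return ("unit",)
    return t                                           # const, unit and loc are values

def run(t):
    """Check t in the empty context and store typing, then evaluate from an empty store."""
    T, store = typeof({}, [], t), []
    return T, evaluate({}, store, t), store

def well_typed(t, sigma=()):
    try:
        typeof({}, list(sigma), t)
        return True
    except TypeError:
        return False

# Constructed sample programs (not from the text).
DEREF_REF = ("deref", ("ref", ("const", 5)))                   # !(ref 5)          -> 5
UPDATE = ("app", ("abs", "r", ("Ref", NAT),                    # (\r:Ref Nat,
          ("app", ("abs", "_", UNIT, ("deref", ("var", "r"))), #    (\_:Unit, !r)
                  ("assign", ("var", "r"), ("const", 7)))),    #      (r := 7))
          ("ref", ("const", 5)))                               #  (ref 5)          -> 7
BAD_ASSIGN = ("assign", ("ref", ("const", 5)), ("unit",))      # (ref 5) := unit   ill-typed
```

<div class="doc">
<span class="inlinecode">run(DEREF_REF)</span> yields type <span class="inlinecode">Nat</span>, value <span class="inlinecode">5</span> and a one-cell store, matching the informal reduction of <span class="inlinecode">!(ref 5)</span> above; <span class="inlinecode">run(UPDATE)</span> allocates a cell holding <span class="inlinecode">5</span>, overwrites it with <span class="inlinecode">7</span> through the reference and reads <span class="inlinecode">7</span> back. <span class="inlinecode">well_typed(BAD_ASSIGN)</span> is <span class="inlinecode">False</span>: an assignment may only store a value of the cell's declared type, so <span class="inlinecode">Ref Nat</span> cells never come to hold <span class="inlinecode">unit</span>. Typing <span class="inlinecode">loc l</span> from <span class="inlinecode">sigma</span> rather than from the store's current contents is the design choice that lets cells be overwritten while every dereference keeps its static type, which is what the refinement of the preservation theorem mentioned in the introduction has to account for.
</div>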
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="STLCRef.tm" class="idref" href="#STLCRef.tm"><span class="id" title="inductive">tm</span></a>  : <span class="id" title="keyword">Type</span> :=<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;STLC&nbsp;with&nbsp;numbers:&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_var" class="idref" href="#STLCRef.tm_var"><span class="id" title="constructor">tm_var</span></a>    : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_app" class="idref" href="#STLCRef.tm_app"><span class="id" title="constructor">tm_app</span></a>    : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_abs" class="idref" href="#STLCRef.tm_abs"><span class="id" title="constructor">tm_abs</span></a>    : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.ty"><span class="id" title="inductive">ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_const" class="idref" href="#STLCRef.tm_const"><span class="id" title="constructor">tm_const</span></a>  : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_succ" class="idref" href="#STLCRef.tm_succ"><span class="id" title="constructor">tm_succ</span></a>    : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_pred" class="idref" href="#STLCRef.tm_pred"><span class="id" title="constructor">tm_pred</span></a>    : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_mult" class="idref" href="#STLCRef.tm_mult"><span class="id" title="constructor">tm_mult</span></a>    : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_if<sub>0</sub>" class="idref" href="#STLCRef.tm_if<sub>0</sub>"><span class="id" title="constructor">tm_if<sub>0</sub></span></a>  : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;New&nbsp;terms:&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_unit" class="idref" href="#STLCRef.tm_unit"><span class="id" title="constructor">tm_unit</span></a>   : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_ref" class="idref" href="#STLCRef.tm_ref"><span class="id" title="constructor">tm_ref</span></a>    : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_deref" class="idref" href="#STLCRef.tm_deref"><span class="id" title="constructor">tm_deref</span></a>  : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_assign" class="idref" href="#STLCRef.tm_assign"><span class="id" title="constructor">tm_assign</span></a> : <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.tm_loc" class="idref" href="#STLCRef.tm_loc"><span class="id" title="constructor">tm_loc</span></a>    : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#tm:3"><span class="id" title="inductive">tm</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="var">Declare</span> <span class="id" title="var">Custom</span> <span class="id" title="var">Entry</span> <span class="id" title="var">stlc</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="35fac1f60887e7b37d44f938e80b2dc6" class="idref" href="#35fac1f60887e7b37d44f938e80b2dc6"><span class="id" title="notation">&quot;</span></a>&lt;{ e }&gt;" := <span class="id" title="var">e</span> (<span class="id" title="var">e</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99).<br/>
<span class="id" title="keyword">Notation</span> <a id="0975a85e562f22315b420c8d1c95dd06" class="idref" href="#0975a85e562f22315b420c8d1c95dd06"><span class="id" title="notation">&quot;</span></a>( x )" := <span class="id" title="var">x</span> (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span>, <span class="id" title="var">x</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::x" class="idref" href="#STLCRef.:stlc::x"><span class="id" title="notation">&quot;</span></a>x" := <span class="id" title="var">x</span> (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0, <span class="id" title="var">x</span> <span class="id" title="keyword">constr</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::x_'-&gt;'_x" class="idref" href="#STLCRef.:stlc::x_'-&gt;'_x"><span class="id" title="notation">&quot;</span></a>S <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> T" := (<a class="idref" href="References.html#STLCRef.Ty_Arrow"><span class="id" title="constructor">Ty_Arrow</span></a> <span class="id" title="var">S</span> <span class="id" title="var">T</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 50, <span class="id" title="tactic">right</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::x_x" class="idref" href="#STLCRef.:stlc::x_x"><span class="id" title="notation">&quot;</span></a>x y" := (<a class="idref" href="References.html#STLCRef.tm_app"><span class="id" title="constructor">tm_app</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 1, <span class="id" title="tactic">left</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Notation</span> <a id="fcbb07911888b1a4b268f628a4d64735" class="idref" href="#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">&quot;</span></a>\ x : t , y" :=<br/>
&nbsp;&nbsp;(<a class="idref" href="References.html#STLCRef.tm_abs"><span class="id" title="constructor">tm_abs</span></a> <span class="id" title="var">x</span> <span class="id" title="var">t</span> <span class="id" title="var">y</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 90, <span class="id" title="var">x</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">t</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">y</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">left</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Coercion</span> <a class="idref" href="References.html#STLCRef.tm_var"><span class="id" title="constructor">tm_var</span></a> <a class="idref" href="References.html#STLCRef.tm_var"><span class="id" title="constructor">:</span></a> <a class="idref" href="References.html#STLCRef.tm_var"><span class="id" title="constructor">string</span></a> <a class="idref" href="References.html#STLCRef.tm_var"><span class="id" title="constructor">&gt;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#STLCRef.tm_var"><span class="id" title="constructor">tm</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="4fd5514b3ffd220ca15884061cca2343" class="idref" href="#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">&quot;</span></a>{ x }" := <span class="id" title="var">x</span> (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0, <span class="id" title="var">x</span> <span class="id" title="keyword">constr</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'Unit'" class="idref" href="#STLCRef.:stlc::'Unit'"><span class="id" title="notation">&quot;</span></a>'Unit'" :=<br/>
&nbsp;&nbsp;(<a class="idref" href="References.html#STLCRef.Ty_Unit"><span class="id" title="constructor">Ty_Unit</span></a>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'unit'" class="idref" href="#STLCRef.:stlc::'unit'"><span class="id" title="notation">&quot;</span></a>'unit'" := <a class="idref" href="References.html#STLCRef.tm_unit"><span class="id" title="constructor">tm_unit</span></a> (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'Nat'" class="idref" href="#STLCRef.:stlc::'Nat'"><span class="id" title="notation">&quot;</span></a>'Nat'" := <a class="idref" href="References.html#STLCRef.Ty_Nat"><span class="id" title="constructor">Ty_Nat</span></a> (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'succ'_x" class="idref" href="#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">&quot;</span></a>'succ' x" := (<a class="idref" href="References.html#STLCRef.tm_succ"><span class="id" title="constructor">tm_succ</span></a> <span class="id" title="var">x</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">x</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'pred'_x" class="idref" href="#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">&quot;</span></a>'pred' x" := (<a class="idref" href="References.html#STLCRef.tm_pred"><span class="id" title="constructor">tm_pred</span></a> <span class="id" title="var">x</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">x</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/>
<span class="id" title="keyword">Notation</span> <a id="aefa1df20f40a8331bf6423412f1c115" class="idref" href="#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">&quot;</span></a>x * y" := (<a class="idref" href="References.html#STLCRef.tm_mult"><span class="id" title="constructor">tm_mult</span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 1,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">left</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x" class="idref" href="#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">&quot;</span></a>'if<sub>0</sub>' x 'then' y 'else' z" :=<br/>
&nbsp;&nbsp;(<a class="idref" href="References.html#STLCRef.tm_if<sub>0</sub>"><span class="id" title="constructor">tm_if<sub>0</sub></span></a> <span class="id" title="var">x</span> <span class="id" title="var">y</span> <span class="id" title="var">z</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 89,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">x</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">y</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="var">z</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 99,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">left</span> <span class="id" title="keyword">associativity</span>).<br/>
<span class="id" title="keyword">Coercion</span> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">tm_const</span></a> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">:</span></a> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">nat</span></a> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">&gt;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">tm</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'Ref'_x" class="idref" href="#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">&quot;</span></a>'Ref' t" :=<br/>
&nbsp;&nbsp;(<a class="idref" href="References.html#STLCRef.Ty_Ref"><span class="id" title="constructor">Ty_Ref</span></a> <span class="id" title="var">t</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 4).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'loc'_x" class="idref" href="#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">&quot;</span></a>'loc' x" := (<a class="idref" href="References.html#STLCRef.tm_loc"><span class="id" title="constructor">tm_loc</span></a> <span class="id" title="var">x</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 2).<br/>
<span class="id" title="keyword">Notation</span> <a id="STLCRef.:stlc::'ref'_x" class="idref" href="#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">&quot;</span></a>'ref' x" := (<a class="idref" href="References.html#STLCRef.tm_ref"><span class="id" title="constructor">tm_ref</span></a> <span class="id" title="var">x</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 2).<br/>
<span class="id" title="keyword">Notation</span> <a id="70f28e5c58264a9753710970e9df6ba<sub>2</sub>" class="idref" href="#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">&quot;</span></a>'!' x " := (<a class="idref" href="References.html#STLCRef.tm_deref"><span class="id" title="constructor">tm_deref</span></a> <span class="id" title="var">x</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 2).<br/>
<span class="id" title="keyword">Notation</span> <a id="c9336c07d043872f48e6c531eccadb3e" class="idref" href="#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">&quot;</span></a> e<sub>1</sub> ':=' e<sub>2</sub> " := (<a class="idref" href="References.html#STLCRef.tm_assign"><span class="id" title="constructor">tm_assign</span></a> <span class="id" title="var">e<sub>1</sub></span> <span class="id" title="var">e<sub>2</sub></span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 21).<br/>
</div>

<div class="doc">
Intuitively:
<ul class="doclist">
<li> <span class="inlinecode"><span class="id" title="var">ref</span></span> <span class="inlinecode"><span class="id" title="var">t</span></span> (formally, <span class="inlinecode"><span class="id" title="var">ref</span></span> <span class="inlinecode"><span class="id" title="var">t</span></span>) allocates a new reference cell
      with the value <span class="inlinecode"><span class="id" title="var">t</span></span> and reduces to the location of the newly
      allocated cell;

<div class="paragraph"> </div>


</li>
<li> <span class="inlinecode">!<span class="id" title="var">t</span></span> (formally, <span class="inlinecode"><span class="id" title="var">deref</span></span> <span class="inlinecode"><span class="id" title="var">t</span></span>) reduces to the contents of the
      cell referenced by <span class="inlinecode"><span class="id" title="var">t</span></span>;

<div class="paragraph"> </div>


</li>
<li> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode">:=</span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> (formally, <span class="inlinecode"><span class="id" title="var">assign</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>) assigns <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> to the
      cell referenced by <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span>; and

<div class="paragraph"> </div>


</li>
<li> <span class="inlinecode"><span class="id" title="var">l</span></span> (formally, <span class="inlinecode"><span class="id" title="var">loc</span></span> <span class="inlinecode"><span class="id" title="var">l</span></span>) is a reference to the cell at
      location <span class="inlinecode"><span class="id" title="var">l</span></span>.  We'll discuss locations later. 
</li>
</ul>

<div class="paragraph"> </div>

 In informal examples, we'll also freely use the extensions
    of the STLC developed in the <a href="MoreStlc.html"><span class="inlineref">MoreStlc</span></a> chapter; however, to keep
    the proofs small, we won't bother formalizing them again here.  (It
    would be easy to do so, since there are no very interesting
    interactions between those features and references.) 
</div>

<div class="doc">
<a id="lab385"></a><h3 class="section">Typing (Preview)</h3>

<div class="paragraph"> </div>

 Informally, the typing rules for allocation, dereferencing, and
    assignment will look like this:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; t<sub>1</sub> : T<sub>1</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (T_Ref) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; ref t<sub>1</sub> : Ref T<sub>1</sub></td>
  <td></td>
</tr>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; t<sub>1</sub> : Ref T<sub>1</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (T_Deref) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; !t<sub>1</sub> : T<sub>1</sub></td>
  <td></td>
</tr>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; t<sub>1</sub> : Ref T<sub>2</sub></td>
  <td></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; t<sub>2</sub> : T<sub>2</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (T_Assign) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; t<sub>1</sub> := t<sub>2</sub> : Unit</td>
  <td></td>
</tr>
</table></center>    The rule for locations will require a bit more machinery, and this
    will motivate some changes to the other rules; we'll come back to
    this later. 
</div>

<div class="doc">
<a id="lab386"></a><h3 class="section">Values and Substitution</h3>

<div class="paragraph"> </div>

 Besides abstractions and numbers, we have two new types of values:
    the unit value, and locations.  
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="STLCRef.value" class="idref" href="#STLCRef.value"><span class="id" title="inductive">value</span></a> : <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="STLCRef.v_abs" class="idref" href="#STLCRef.v_abs"><span class="id" title="constructor">v_abs</span></a> : <span class="id" title="keyword">∀</span> <a id="x:7" class="idref" href="#x:7"><span class="id" title="binder">x</span></a> <a id="T<sub>2</sub>:8" class="idref" href="#T<sub>2</sub>:8"><span class="id" title="binder">T<sub>2</sub></span></a> <a id="t<sub>1</sub>:9" class="idref" href="#t<sub>1</sub>:9"><span class="id" title="binder">t<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#value:5"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#x:7"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a><a class="idref" href="References.html#T<sub>2</sub>:8"><span class="id" title="variable">T<sub>2</sub></span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#t<sub>1</sub>:9"><span class="id" title="variable">t<sub>1</sub></span></a><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.v_nat" class="idref" href="#STLCRef.v_nat"><span class="id" title="constructor">v_nat</span></a> : <span class="id" title="keyword">∀</span> <a id="n:10" class="idref" href="#n:10"><span class="id" title="binder">n</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a> ,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#value:5"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#n:10"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.v_unit" class="idref" href="#STLCRef.v_unit"><span class="id" title="constructor">v_unit</span></a> :<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#value:5"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.v_loc" class="idref" href="#STLCRef.v_loc"><span class="id" title="constructor">v_loc</span></a> : <span class="id" title="keyword">∀</span> <a id="l:11" class="idref" href="#l:11"><span class="id" title="binder">l</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#value:5"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> <a class="idref" href="References.html#l:11"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Hint Constructors</span> <a class="idref" href="References.html#value"><span class="id" title="inductive">value</span></a> : <span class="id" title="var">core</span>.<br/>
</div>

<div class="doc">
Extending substitution to handle the new syntax of terms is
    straightforward.  
</div>
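<div class="doc">
The following is an added example, not the chapter's own Coq development: a small Python model of the term syntax defined above, with <span class="inlinecode">subst</span> extended to the reference forms clause by clause as the Coq <span class="inlinecode">Fixpoint</span> is, and a <span class="inlinecode">typeof</span> function implementing the preview rules T_Ref, T_Deref and T_Assign from the previous section (plus the ordinary STLC and number rules they sit on). The tuple encoding of terms and types, the names <span class="inlinecode">typeof</span>, <span class="inlinecode">check</span>, <span class="inlinecode">INCR</span> and <span class="inlinecode">BAD_WRITE</span>, and the sample terms are all my own constructions. Bare locations are deliberately rejected by the checker, since typing them needs the store typing the chapter introduces later. The point worth seeing in running code is that T_Assign is what rules out a write of the wrong type through a reference (storing <span class="inlinecode">unit</span> into a <span class="inlinecode">Ref</span> <span class="inlinecode">Nat</span> cell has no derivation), and T_Deref is what keeps every read typed.
</div>

```python
# Added example, not the chapter's Coq code: a Python model of this chapter's
# STLC-with-references syntax.  subst follows the Coq Fixpoint subst clause by
# clause, extended to the reference forms; typeof implements the preview rules
# T_Ref, T_Deref and T_Assign.  The tuple encoding of terms/types is my own.
from typing import Dict, Optional

Ty = tuple  # ("Nat",) | ("Unit",) | ("Arrow", T1, T2) | ("Ref", T)
Tm = tuple  # ("var", x) | ("abs", x, T, body) | ("app", f, a) | ("const", n)
            # ("succ", t) | ("pred", t) | ("mult", t1, t2) | ("if0", t1, t2, t3)
            # ("unit",) | ("ref", t) | ("deref", t) | ("assign", t1, t2) | ("loc", l)
NAT: Ty = ("Nat",)
UNIT: Ty = ("Unit",)


def subst(x: str, s: Tm, t: Tm) -> Tm:
    """[x := s] t.  Like the chapter's definition it does no renaming: s is
    always closed when reduction applies it, so capture cannot occur."""
    tag = t[0]
    if tag == "var":
        return s if t[1] == x else t
    if tag == "abs":                          # \y:T, body: y shadows x
        _, y, T, body = t
        return t if y == x else ("abs", y, T, subst(x, s, body))
    if tag in ("const", "unit", "loc"):       # leaves; loc l has no subterms
        return t
    if tag in ("succ", "pred", "ref", "deref"):
        return (tag, subst(x, s, t[1]))
    if tag in ("app", "mult", "assign"):
        return (tag, subst(x, s, t[1]), subst(x, s, t[2]))
    if tag == "if0":
        return ("if0", subst(x, s, t[1]), subst(x, s, t[2]), subst(x, s, t[3]))
    raise ValueError(f"unknown term form {tag!r}")


class IllTyped(Exception):
    """No typing rule applies."""


def typeof(gamma: Dict[str, Ty], t: Tm) -> Ty:
    """Gamma |- t : T, returning T.  Bare locations are rejected: typing them
    needs the store typing the chapter introduces later."""
    tag = t[0]
    if tag == "var":
        if t[1] not in gamma:
            raise IllTyped(f"unbound variable {t[1]}")
        return gamma[t[1]]
    if tag == "abs":
        _, y, T, body = t
        return ("Arrow", T, typeof({**gamma, y: T}, body))
    if tag == "app":
        tf, ta = typeof(gamma, t[1]), typeof(gamma, t[2])
        if tf[0] != "Arrow" or tf[1] != ta:
            raise IllTyped("bad application")
        return tf[2]
    if tag == "const":
        return NAT
    if tag in ("succ", "pred", "mult"):
        if any(typeof(gamma, sub) != NAT for sub in t[1:]):
            raise IllTyped(f"{tag} expects Nat operands")
        return NAT
    if tag == "if0":
        guard, t2, t3 = (typeof(gamma, sub) for sub in t[1:])
        if guard != NAT or t2 != t3:
            raise IllTyped("if0: guard must be Nat and branches must agree")
        return t2
    if tag == "unit":
        return UNIT
    if tag == "ref":            # T_Ref:    t1 : T1               =>  ref t1 : Ref T1
        return ("Ref", typeof(gamma, t[1]))
    if tag == "deref":          # T_Deref:  t1 : Ref T1           =>  !t1 : T1
        t1 = typeof(gamma, t[1])
        if t1[0] != "Ref":
            raise IllTyped("dereferencing a non-reference")
        return t1[1]
    if tag == "assign":         # T_Assign: t1 : Ref T2, t2 : T2  =>  t1 := t2 : Unit
        t1, t2 = typeof(gamma, t[1]), typeof(gamma, t[2])
        if t1[0] != "Ref" or t1[1] != t2:
            raise IllTyped("assigned value does not match the cell's type")
        return UNIT
    if tag == "loc":
        raise IllTyped("loc: needs a store typing (see later in the chapter)")
    raise IllTyped(f"unknown term form {tag!r}")


def check(gamma: Dict[str, Ty], t: Tm) -> Optional[Ty]:
    """The type of t under gamma, or None when no rule applies."""
    try:
        return typeof(gamma, t)
    except IllTyped:
        return None


# Constructed examples (mine, not the chapter's).
# INCR = \r:Ref Nat, r := succ (!r): an in-place increment, type Ref Nat -> Unit.
INCR: Tm = ("abs", "r", ("Ref", NAT),
            ("assign", ("var", "r"), ("succ", ("deref", ("var", "r")))))
# BAD_WRITE = \r:Ref Nat, r := unit: T_Assign rejects storing a Unit in a Ref Nat.
BAD_WRITE: Tm = ("abs", "r", ("Ref", NAT), ("assign", ("var", "r"), ("unit",)))

if __name__ == "__main__":
    print(check({}, INCR), check({}, BAD_WRITE), check({}, ("deref", ("const", 5))))
```

<div class="doc">
Running the file prints the arrow type of <span class="inlinecode">INCR</span> followed by <span class="inlinecode">None</span> twice: the ill-typed write and the dereference of a number both have no derivation. The <span class="inlinecode">subst</span> cases for <span class="inlinecode">ref</span>, <span class="inlinecode">deref</span> and <span class="inlinecode">assign</span> just recurse into their subterms, and <span class="inlinecode">loc</span> is a leaf, which is exactly why the chapter calls the extension straightforward.
</div>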
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot;'[' x ':=' s ']' t" (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 20, <span class="id" title="var">x</span> <span class="id" title="keyword">constr</span>).<br/>
<span class="id" title="keyword">Fixpoint</span> <a id="STLCRef.subst" class="idref" href="#STLCRef.subst"><span class="id" title="definition">subst</span></a> (<a id="x:12" class="idref" href="#x:12"><span class="id" title="binder">x</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) (<a id="s:13" class="idref" href="#s:13"><span class="id" title="binder">s</span></a> : <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a>) (<a id="t:14" class="idref" href="#t:14"><span class="id" title="binder">t</span></a> : <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a>) : <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a> :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">match</span> <a class="idref" href="References.html#t:14"><span class="id" title="variable">t</span></a> <span class="id" title="keyword">with</span><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;pure&nbsp;STLC&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#STLCRef.tm_var"><span class="id" title="constructor">tm_var</span></a> <span class="id" title="var">y</span> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">if</span> <span class="id" title="definition">eqb_string</span> <a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <span class="id" title="var">y</span> <span class="id" title="keyword">then</span> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a> <span class="id" title="keyword">else</span> <a class="idref" href="References.html#t:14"><span class="id" title="variable">t</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><span class="id" title="var">y</span><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a><span class="id" title="var">T</span><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">if</span> <span class="id" title="definition">eqb_string</span> <a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <span class="id" title="var">y</span> <span class="id" title="keyword">then</span> <a class="idref" href="References.html#t:14"><span class="id" title="variable">t</span></a> <span class="id" title="keyword">else</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><span class="id" title="var">y</span><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a><span class="id" title="var">T</span><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><span class="id" title="var">t<sub>1</sub></span> <span class="id" title="var">t<sub>2</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>2</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" 
title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;numbers&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">tm_const</span></a> <span class="id" title="var">_</span> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t:14"><span class="id" title="variable">t</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <span class="id" title="var">t<sub>2</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>2</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><a 
class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <span class="id" title="var">t<sub>3</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" 
title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>3</sub></span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;unit&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;references&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a><span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>1</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:12"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#s:13"><span class="id" title="variable">s</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <span class="id" title="var">t<sub>2</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" 
href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;| <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> <span class="id" title="var">_</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t:14"><span class="id" title="variable">t</span></a><br/>
&nbsp;&nbsp;<span class="id" title="keyword">end</span><br/>
<br/>
<span class="id" title="keyword">where</span> <a id="b811d80014e4babd27a16e96fb5faa5f" class="idref" href="#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">&quot;</span></a>'[' x ':=' s ']' t" := (<a class="idref" href="References.html#subst:15"><span class="id" title="definition">subst</span></a> <span class="id" title="var">x</span> <span class="id" title="var">s</span> <span class="id" title="var">t</span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span>).<br/>
</div>

<div class="doc">
<a id="lab387"></a><h1 class="section">Pragmatics</h1>

</div>

<div class="doc">
<a id="lab388"></a><h2 class="section">Side Effects and Sequencing</h2>

<div class="paragraph"> </div>

 The fact that we've chosen the result of an assignment
    expression to be the trivial value <span class="inlinecode"><span class="id" title="var">unit</span></span> allows a nice
    abbreviation for <i>sequencing</i>.  For example, we can write
<pre>
       r:=succ(!r); !r
</pre>
    as an abbreviation for
<pre>
       (\x:Unit. !r) (r:=succ(!r)).
</pre>
    This has the effect of reducing two expressions in order and
    returning the value of the second.  Restricting the type of the
    first expression to <span class="inlinecode"><span class="id" title="var">Unit</span></span> helps the typechecker to catch some
    silly errors by permitting us to throw away the first value only
    if it is really guaranteed to be trivial.

<div class="paragraph"> </div>

    Notice that, if the second expression is also an assignment, then
    the type of the whole sequence will be <span class="inlinecode"><span class="id" title="var">Unit</span></span>, so we can validly
    place it to the left of another <span class="inlinecode">;</span> to build longer sequences of
    assignments:
<pre>
       r:=succ(!r); r:=succ(!r); r:=succ(!r); r:=succ(!r); !r
</pre>
 Formally, we introduce sequencing as a <i>derived form</i>
    <span class="inlinecode"><span class="id" title="var">tseq</span></span> that expands into an abstraction and an application. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.x" class="idref" href="#STLCRef.x"><span class="id" title="definition">x</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a> := "x".<br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.y" class="idref" href="#STLCRef.y"><span class="id" title="definition">y</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a> := "y".<br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.z" class="idref" href="#STLCRef.z"><span class="id" title="definition">z</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a> := "z".<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Hint Unfold</span> <a class="idref" href="References.html#STLCRef.x"><span class="id" title="definition">x</span></a> : <span class="id" title="var">core</span>.<br/>
<span class="id" title="keyword">Hint Unfold</span> <a class="idref" href="References.html#STLCRef.y"><span class="id" title="definition">y</span></a> : <span class="id" title="var">core</span>.<br/>
<span class="id" title="keyword">Hint Unfold</span> <a class="idref" href="References.html#STLCRef.z"><span class="id" title="definition">z</span></a> : <span class="id" title="var">core</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.tseq" class="idref" href="#STLCRef.tseq"><span class="id" title="definition">tseq</span></a> <a id="t<sub>1</sub>:17" class="idref" href="#t<sub>1</sub>:17"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:18" class="idref" href="#t<sub>2</sub>:18"><span class="id" title="binder">t<sub>2</sub></span></a> :=<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a> <a class="idref" href="References.html#STLCRef.x"><span class="id" title="definition">x</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#t<sub>2</sub>:18"><span class="id" title="variable">t<sub>2</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a>  <a class="idref" href="References.html#t<sub>1</sub>:17"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Notation</span> <a id="cd8fd2f0f5bd1b2ecea4cab15254e7e<sub>4</sub>" class="idref" href="#cd8fd2f0f5bd1b2ecea4cab15254e7e<sub>4</sub>"><span class="id" title="notation">&quot;</span></a>t<sub>1</sub> ; t<sub>2</sub>" := (<a class="idref" href="References.html#STLCRef.tseq"><span class="id" title="definition">tseq</span></a> <span class="id" title="var">t<sub>1</sub></span> <span class="id" title="var">t<sub>2</sub></span>) (<span class="id" title="keyword">in</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 3).<br/>
</div>

<div class="doc">
<a id="lab389"></a><h2 class="section">References and Aliasing</h2>

<div class="paragraph"> </div>

 It is important to bear in mind the difference between the
    <i>reference</i> that is bound to some variable <span class="inlinecode"><span class="id" title="var">r</span></span> and the <i>cell</i>
    in the store that is pointed to by this reference.

<div class="paragraph"> </div>

    If we make a copy of <span class="inlinecode"><span class="id" title="var">r</span></span>, for example by binding its value to
    another variable <span class="inlinecode"><span class="id" title="var">s</span></span>, what gets copied is only the <i>reference</i>,
    not the contents of the cell itself.

<div class="paragraph"> </div>

    For example, after reducing
<pre>
      let r = ref 5 in
      let s = r in
      s := 82;
      (!r)+1
</pre>
    the cell referenced by <span class="inlinecode"><span class="id" title="var">r</span></span> will contain the value <span class="inlinecode">82</span>, while the
    result of the whole expression will be <span class="inlinecode">83</span>.  The references <span class="inlinecode"><span class="id" title="var">r</span></span>
    and <span class="inlinecode"><span class="id" title="var">s</span></span> are said to be <i>aliases</i> for the same cell.

<div class="paragraph"> </div>

    The possibility of aliasing can make programs with references
    quite tricky to reason about.  For example, the expression
<pre>
      r := 5; r := !s
</pre>
    assigns <span class="inlinecode">5</span> to <span class="inlinecode"><span class="id" title="var">r</span></span> and then immediately overwrites it with <span class="inlinecode"><span class="id" title="var">s</span></span>'s
    current value; this has exactly the same effect as the single
    assignment
<pre>
      r := !s
</pre>
    <i>unless</i> we happen to do it in a context where <span class="inlinecode"><span class="id" title="var">r</span></span> and <span class="inlinecode"><span class="id" title="var">s</span></span> are
    aliases for the same cell! 
</div>

<div class="doc">
<a id="lab390"></a><h2 class="section">Shared State</h2>

<div class="paragraph"> </div>

 Of course, aliasing is also a large part of what makes references
    useful.  In particular, it allows us to set up "implicit
    communication channels" -- shared state -- between different parts
    of a program.  For example, suppose we define a reference cell and
    two functions that manipulate its contents:
<pre>
      let c = ref 0 in
      let incc = \_:Unit. (c := succ (!c); !c) in
      let decc = \_:Unit. (c := pred (!c); !c) in
      ...
</pre>

<div class="paragraph"> </div>

 Note that, since their argument types are <span class="inlinecode"><span class="id" title="var">Unit</span></span>, the
    arguments to the abstractions in the definitions of <span class="inlinecode"><span class="id" title="var">incc</span></span> and
    <span class="inlinecode"><span class="id" title="var">decc</span></span> are not providing any useful information to the bodies of
    these functions (using the wildcard <span class="inlinecode"><span class="id" title="var">_</span></span> as the name of the bound
    variable is a reminder of this).  Instead, the purpose of these
    abstractions is to "slow down" the execution of the function
    bodies.  Since function abstractions are values, the two <span class="inlinecode"><span class="id" title="keyword">let</span></span>s are
    executed simply by binding these functions to the names <span class="inlinecode"><span class="id" title="var">incc</span></span> and
    <span class="inlinecode"><span class="id" title="var">decc</span></span>, rather than by actually incrementing or decrementing <span class="inlinecode"><span class="id" title="var">c</span></span>.
    Later, each call to one of these functions results in its body
    being executed once and performing the appropriate mutation on
    <span class="inlinecode"><span class="id" title="var">c</span></span>.  Such functions are often called <i>thunks</i>.

<div class="paragraph"> </div>

    In the context of these declarations, calling <span class="inlinecode"><span class="id" title="var">incc</span></span> results in
    changes to <span class="inlinecode"><span class="id" title="var">c</span></span> that can be observed by calling <span class="inlinecode"><span class="id" title="var">decc</span></span>.  For
    example, if we replace the <span class="inlinecode">...</span> with
    <span class="inlinecode">(<span class="id" title="var">incc</span> <span class="id" title="var">unit</span>; <span class="id" title="var">incc</span> <span class="id" title="var">unit</span>; <span class="id" title="var">decc</span> <span class="id" title="var">unit</span>)</span>, the result of the whole program will be <span class="inlinecode">1</span>. 
</div>

<div class="doc">
<a id="lab391"></a><h2 class="section">Objects</h2>

<div class="paragraph"> </div>

 We can go a step further and write a <i>function</i> that creates <span class="inlinecode"><span class="id" title="var">c</span></span>,
    <span class="inlinecode"><span class="id" title="var">incc</span></span>, and <span class="inlinecode"><span class="id" title="var">decc</span></span>, packages <span class="inlinecode"><span class="id" title="var">incc</span></span> and <span class="inlinecode"><span class="id" title="var">decc</span></span> together into a
    record, and returns this record:
<pre>
      newcounter =
          \_:Unit.
             let c = ref 0 in
             let incc = \_:Unit. (c := succ (!c); !c) in
             let decc = \_:Unit. (c := pred (!c); !c) in
             {i=incc, d=decc}
</pre>

<div class="paragraph"> </div>

 Now, each time we call <span class="inlinecode"><span class="id" title="var">newcounter</span></span>, we get a new record of
    functions that share access to the same storage cell <span class="inlinecode"><span class="id" title="var">c</span></span>.  The
    caller of <span class="inlinecode"><span class="id" title="var">newcounter</span></span> can't get at this storage cell directly,
    but can affect it indirectly by calling the two functions.  In
    other words, we've created a simple form of <i>object</i>.
<pre>
      let c<sub>1</sub> = newcounter unit in
      let c<sub>2</sub> = newcounter unit in
      // Note that we've allocated two separate storage cells now!
      let r<sub>1</sub> = c<sub>1</sub>.i unit in
      let r<sub>2</sub> = c<sub>2</sub>.i unit in
      r<sub>2</sub>  // yields 1, not 2!
</pre>
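To see the counter as an object with a hidden cell, here is the same construction in Python, as an example added for this page rather than code from the chapter: each call to <span class="inlinecode">newcounter</span> creates a fresh local <span class="inlinecode">c</span>, and the two closures returned in the record are the only way to reach it. The function names <span class="inlinecode">shared_state_example</span>, <span class="inlinecode">two_counters_example</span>, <span class="inlinecode">decrement_only</span> and <span class="inlinecode">attenuation_example</span> are this example's own.

```python
def newcounter(_=None) -> dict:
    """Model of `newcounter` above (added example, not the chapter's code).

    Each call allocates one fresh cell `c`; the closures `incc` and `decc`
    are the only way to reach it, so the record {i=incc, d=decc} is a small
    object whose state is hidden from the caller.
    """
    c = 0                        # the reference cell, fresh on every call

    def incc(_=None) -> int:     # \_:Unit. (c := succ (!c); !c)
        nonlocal c
        c = c + 1
        return c

    def decc(_=None) -> int:     # \_:Unit. (c := pred (!c); !c)
        nonlocal c
        c = c - 1 if c > 0 else 0    # pred 0 = 0 on the naturals
        return c

    return {"i": incc, "d": decc}


def shared_state_example() -> int:
    """In the scope of one cell c:  incc unit; incc unit; decc unit"""
    ctr = newcounter()
    ctr["i"]()
    ctr["i"]()
    return ctr["d"]()            # 1: mutations made by incc are seen by decc


def two_counters_example() -> tuple:
    """let c1 = newcounter unit in let c2 = newcounter unit in
       let r1 = c1.i unit in let r2 = c2.i unit in (r1, r2)"""
    c1 = newcounter()
    c2 = newcounter()
    r1 = c1["i"]()
    r2 = c2["i"]()
    return r1, r2                # (1, 1): two separate storage cells


def decrement_only(ctr: dict):
    """Attenuation: hand out d alone and the recipient can decrement the
    shared cell but has no way to increment it or to reach c directly."""
    return ctr["d"]


def attenuation_example() -> int:
    ctr = newcounter()
    ctr["i"]()
    ctr["i"]()
    ctr["i"]()                   # owner of the record: c = 3
    d = decrement_only(ctr)
    d()                          # holder of d alone: c = 2
    return ctr["i"]()            # 3: both parties touched the same cell
```

Nothing is incremented when the <span class="inlinecode">let</span>s run; the cell changes only when a closure is called, which is the "thunk" behaviour described above. Handing out <span class="inlinecode">d</span> by itself gives another part of the program decrement-only access to the same cell: the record of closures acts as an unforgeable capability to the hidden state, the object-capability discipline in miniature.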
 
<div class="paragraph"> </div>

<a id="lab392"></a><h4 class="section">Exercise: 1 star, standard, optional (store_draw)</h4>
 Draw (on paper) the contents of the store at the point in
    execution where the first two <span class="inlinecode"><span class="id" title="keyword">let</span></span>s have finished and the third
    one is about to begin. 
</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab393"></a><h2 class="section">References to Compound Types</h2>

<div class="paragraph"> </div>

 A reference cell need not contain just a number: the primitives
    we've defined above allow us to create references to values of any
    type, including functions.  For example, we can use references to
    functions to give an (inefficient) implementation of arrays
    of numbers, as follows.  Write <span class="inlinecode"><span class="id" title="var">NatArray</span></span> for the type
    <span class="inlinecode"><span class="id" title="var">Ref</span></span> <span class="inlinecode">(<span class="id" title="var">Nat</span>→<span class="id" title="var">Nat</span>)</span>.

<div class="paragraph"> </div>

    Recall the <span class="inlinecode"><span class="id" title="var">equal</span></span> function from the <a href="MoreStlc.html"><span class="inlineref">MoreStlc</span></a> chapter:
<pre>
      equal =
        fix
          (\eq:Nat<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>Nat<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>Bool.
             \m:Nat. \n:Nat.
               if m=0 then iszero n
               else if n=0 then false
               else eq (pred m) (pred n))
</pre>
    To build a new array, we allocate a reference cell and fill
    it with a function that, when given an index, always returns <span class="inlinecode">0</span>.
<pre>
      newarray = \_:Unit. ref (\n:Nat.0)
</pre>
    To look up an element of an array, we simply apply
    the function to the desired index.
<pre>
      lookup = \a:NatArray. \n:Nat. (!a) n
</pre>
    The interesting part of the encoding is the <span class="inlinecode"><span class="id" title="var">update</span></span> function.  It
    takes an array, an index, and a new value to be stored at that index, and
    does its job by creating (and storing in the reference) a new function
    that, when it is asked for the value at this very index, returns the new
    value that was given to <span class="inlinecode"><span class="id" title="var">update</span></span>, while on all other indices it passes the
    lookup to the function that was previously stored in the reference.
<pre>
      update = \a:NatArray. \m:Nat. \v:Nat.
                   let oldf = !a in
                   a := (\n:Nat. if equal m n then v else oldf n)
</pre>
    References to values containing other references can also be very
    useful, allowing us to define data structures such as mutable
    lists and trees. 
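The array encoding above, written out in Python as an example added for this page (not the chapter's code). The cell of type <span class="inlinecode">Ref</span> <span class="inlinecode">(Nat→Nat)</span> is modelled by a one-field object, here also called <span class="inlinecode">NatArray</span>; <span class="inlinecode">equal</span> follows the recursive definition quoted from <span class="inlineref">MoreStlc</span>, so in Python it is bounded by the interpreter's recursion limit for large indices. <span class="inlinecode">array_example</span> and <span class="inlinecode">two_arrays_example</span> are this example's own names.

```python
from typing import Callable

NatFn = Callable[[int], int]


class NatArray:
    """Model of `NatArray = Ref (Nat -> Nat)`: one mutable cell holding a
    function from indices to contents (added example, not the chapter's code)."""

    def __init__(self, f: NatFn) -> None:
        self.contents = f            # the cell's current contents


def equal(m: int, n: int) -> bool:
    """The `equal` function from MoreStlc, with the same case split."""
    if m == 0:
        return n == 0                # iszero n
    if n == 0:
        return False
    return equal(m - 1, n - 1)       # eq (pred m) (pred n)


def newarray(_=None) -> NatArray:    # \_:Unit. ref (\n:Nat. 0)
    return NatArray(lambda n: 0)


def lookup(a: NatArray, n: int) -> int:   # \a:NatArray. \n:Nat. (!a) n
    return a.contents(n)


def update(a: NatArray, m: int, v: int) -> None:
    """let oldf = !a in a := (\n:Nat. if equal m n then v else oldf n)"""
    oldf = a.contents                # read the old function *before* assigning
    a.contents = lambda n: v if equal(m, n) else oldf(n)


def array_example() -> list:
    """Three updates, then read indices 0..4; the later update of index 3
    shadows the earlier one because lookups reach the newest function first."""
    a = newarray()
    update(a, 3, 30)
    update(a, 1, 10)
    update(a, 3, 33)
    return [lookup(a, n) for n in range(5)]      # [0, 10, 0, 33, 0]


def two_arrays_example() -> tuple:
    """Each newarray call allocates its own cell, so updates do not leak."""
    a = newarray()
    b = newarray()
    update(a, 0, 5)
    return lookup(a, 0), lookup(b, 0)            # (5, 0)
```

Every <span class="inlinecode">update</span> wraps the previous function rather than replacing a slot, so a lookup of an index that was never updated walks the whole chain of updates back to the original <span class="inlinecode">\n:Nat.0</span>; that is the sense in which the encoding is inefficient.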
<div class="paragraph"> </div>

<a id="lab394"></a><h4 class="section">Exercise: 2 stars, standard, especially useful (compact_update)</h4>
 If we defined <span class="inlinecode"><span class="id" title="var">update</span></span> more compactly like this
<pre>
      update = \a:NatArray. \m:Nat. \v:Nat.
                  a := (\n:Nat. if equal m n then v else (!a) n)
</pre>
would it behave the same? 
</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.manual_grade_for_compact_update" class="idref" href="#STLCRef.manual_grade_for_compact_update"><span class="id" title="definition">manual_grade_for_compact_update</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab395"></a><h2 class="section">Null References</h2>

<div class="paragraph"> </div>

 There is one final significant difference between our
    references and C-style mutable variables: in C-like languages,
    variables holding pointers into the heap may sometimes have the
    value <span class="inlinecode"><span class="id" title="var">NULL</span></span>.  Dereferencing such a "null pointer" is an error,
    and results either in a clean exception (Java and C<span class="inlinecode">#</span>) or in
    undefined behavior (C and relatives like C++), which in practice
    ranges from a crash to an exploitable memory-safety bug.  Null
    pointers cause significant trouble in C-like languages: the fact
    that any pointer might be null means that any dereference operation
    in the program can potentially fail, and nothing in the pointer's
    type forces the programmer to check before dereferencing.

<div class="paragraph"> </div>

    Even in ML-like languages, there are occasionally situations where
    we may or may not have a valid pointer in our hands.  Fortunately,
    there is no need to extend the basic mechanisms of references to
    represent such situations: the sum types introduced in the
    <a href="MoreStlc.html"><span class="inlineref">MoreStlc</span></a> chapter already give us what we need.

<div class="paragraph"> </div>

    First, we can use sums to build an analog of the <span class="inlinecode"><span class="id" title="var">option</span></span> types
    introduced in the <a href="https://softwarefoundations.cis.upenn.edu/lf-current/Lists.html"><span class="inlineref">Lists</span></a> chapter of <i>Logical Foundations</i>.
    Define <span class="inlinecode"><span class="id" title="var">Option</span></span> <span class="inlinecode"><span class="id" title="var">T</span></span> to be an abbreviation for <span class="inlinecode"><span class="id" title="var">Unit</span></span> <span class="inlinecode">+</span> <span class="inlinecode"><span class="id" title="var">T</span></span>.

<div class="paragraph"> </div>

    Then a "nullable reference to a <span class="inlinecode"><span class="id" title="var">T</span></span>" is simply an element of the
    type <span class="inlinecode"><span class="id" title="var">Option</span></span> <span class="inlinecode">(<span class="id" title="var">Ref</span></span> <span class="inlinecode"><span class="id" title="var">T</span>)</span>.  
</div>

<div class="doc">
<a id="lab396"></a><h2 class="section">Garbage Collection</h2>

<div class="paragraph"> </div>

 A last issue that we should mention before we move on with
    formalizing references is storage <i>de</i>-allocation.  We have not
    provided any primitives for freeing reference cells when they are
    no longer needed.  Instead, like many modern languages (including
    ML and Java) we rely on the run-time system to perform <i>garbage
    collection</i>, automatically identifying and reusing cells that can
    no longer be reached by the program.

<div class="paragraph"> </div>

    This is <i>not</i> just a question of taste in language design: it is
    extremely difficult to achieve type safety in the presence of an
    explicit deallocation operation.  One reason for this is the
    familiar <i>dangling reference</i> problem: we allocate a cell holding
    a number, save a reference to it in some data structure, use it
    for a while, then deallocate it and allocate a new cell holding a
    boolean, possibly reusing the same storage.  Now we can have two
    names for the same storage cell -- one with type <span class="inlinecode"><span class="id" title="var">Ref</span></span> <span class="inlinecode"><span class="id" title="var">Nat</span></span> and the
    other with type <span class="inlinecode"><span class="id" title="var">Ref</span></span> <span class="inlinecode"><span class="id" title="var">Bool</span></span> -- which is exactly the
    use-after-free situation behind many memory-safety exploits in C.
    (Languages that do offer explicit deallocation while keeping type
    safety, such as Rust, pay for it with a considerably richer type
    system that tracks ownership so that no reference can outlive the
    cell it points to.) 
<div class="paragraph"> </div>

<a id="lab397"></a><h4 class="section">Exercise: 2 stars, standard (type_safety_violation)</h4>
 Show how this can lead to a violation of type safety. 
</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.manual_grade_for_type_safety_violation" class="idref" href="#STLCRef.manual_grade_for_type_safety_violation"><span class="id" title="definition">manual_grade_for_type_safety_violation</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>
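The aliasing discussion above and the dangling-reference scenario from the garbage-collection section can both be played out on one small model: a store that is an array of values, with a location being an index into it, which is also the picture the Operational Semantics section adopts below. The Python here is an example added for this page, not part of the chapter's Coq development; <span class="inlinecode">Store</span>, <span class="inlinecode">free_list</span> and the helper names are this model's own, and <span class="inlinecode">free</span> in particular has no counterpart in the language defined above: it stands in for C-style explicit deallocation, to show what that does to typing.

```python
from dataclasses import dataclass, field
from typing import Any, List


@dataclass
class Store:
    """The run-time store as an array of values; a location is an index into it.

    Model written for this page, not the chapter's Coq development.  `free`
    and `free_list` are NOT part of the language defined above: they stand
    in for C-style explicit deallocation, to show what it does to typing.
    """
    cells: List[Any] = field(default_factory=list)
    free_list: List[int] = field(default_factory=list)

    def ref(self, v: Any) -> int:
        """ref v: allocate a fresh cell holding v and return its location."""
        if self.free_list:               # a real allocator reuses freed storage
            loc = self.free_list.pop()
            self.cells[loc] = v
            return loc
        self.cells.append(v)
        return len(self.cells) - 1

    def deref(self, loc: int) -> Any:    # !loc
        return self.cells[loc]

    def assign(self, loc: int, v: Any) -> None:   # loc := v, result is unit
        self.cells[loc] = v

    def free(self, loc: int) -> None:    # not in the chapter's language
        self.free_list.append(loc)


def aliasing_example() -> int:
    """let r = ref 5 in let s = r in s := 82; (!r)+1"""
    st = Store()
    r = st.ref(5)
    s = r                        # copies the location, not the cell's contents
    st.assign(s, 82)
    return st.deref(r) + 1       # 83: r and s alias the same cell


def assign_then_copy(st: Store, r: int, s: int) -> int:
    """r := 5; r := !s; !r"""
    st.assign(r, 5)
    st.assign(r, st.deref(s))
    return st.deref(r)


def copy_only(st: Store, r: int, s: int) -> int:
    """r := !s; !r"""
    st.assign(r, st.deref(s))
    return st.deref(r)


def _setup(aliased: bool):
    """A store where s holds 10 and r is either an alias of s or a separate cell."""
    st = Store()
    s = st.ref(10)
    r = s if aliased else st.ref(0)
    return st, r, s


def double_assignment_agrees(aliased: bool) -> bool:
    """Do `r := 5; r := !s` and `r := !s` leave the same value in r?"""
    st, r, s = _setup(aliased)
    a = assign_then_copy(st, r, s)
    st, r, s = _setup(aliased)
    b = copy_only(st, r, s)
    return a == b                # True unless r and s are aliases


def dangling_reference() -> tuple:
    """The garbage-collection section's scenario: keep a Ref Nat to a cell,
    free the cell, allocate a Bool that reuses the storage, then read
    through the stale reference."""
    st = Store()
    r_nat = st.ref(7)            # r_nat : Ref Nat
    st.free(r_nat)               # explicit deallocation; r_nat now dangles
    r_bool = st.ref(True)        # r_bool : Ref Bool, same storage reused
    v = st.deref(r_nat)          # typed as Nat, actually the Bool True
    return r_nat == r_bool, v, isinstance(v, bool)
```

<span class="inlinecode">double_assignment_agrees(False)</span> is true and <span class="inlinecode">double_assignment_agrees(True)</span> is false: the two programs from the aliasing section agree exactly when <span class="inlinecode">r</span> and <span class="inlinecode">s</span> are distinct cells. <span class="inlinecode">dangling_reference()</span> returns the same location for both references and a boolean read through the <span class="inlinecode">Ref</span> <span class="inlinecode">Nat</span>; Python will happily compute <span class="inlinecode">True + 1</span> from it, which is precisely what a type-safe language must rule out, and why the chapter relies on garbage collection rather than a <span class="inlinecode">free</span> primitive.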


<div class="doc">
<a id="lab398"></a><h1 class="section">Operational Semantics</h1>

</div>

<div class="doc">
<a id="lab399"></a><h2 class="section">Locations</h2>

<div class="paragraph"> </div>

 The most subtle aspect of the treatment of references
    appears when we consider how to formalize their operational
    behavior.  One way to see why is to ask, "What should be the
    <i>values</i> of type <span class="inlinecode"><span class="id" title="var">Ref</span></span> <span class="inlinecode"><span class="id" title="var">T</span></span>?"  The crucial observation that we need
    to take into account is that reducing a <span class="inlinecode"><span class="id" title="var">ref</span></span> operator should
    <i>do</i> something -- namely, allocate some storage -- and the result
    of the operation should be a reference to this storage.

<div class="paragraph"> </div>

    What, then, is a reference?

<div class="paragraph"> </div>

    The run-time store in most programming-language implementations is
    essentially just a big array of bytes.  The run-time system keeps
    track of which parts of this array are currently in use; when we
    need to allocate a new reference cell, we allocate a large enough
    segment from the free region of the store (4 bytes for integer
    cells, 8 bytes for cells storing <span class="inlinecode"><span class="id" title="var">Float</span></span>s, etc.), record somewhere
    that it is being used, and return the index (typically, a 32- or
    64-bit integer) of the start of the newly allocated region.  These
    indices are references.

<div class="paragraph"> </div>

    For present purposes, there is no need to be quite so concrete.
    We can think of the store as an array of <i>values</i>, rather than an
    array of bytes, abstracting away from the different sizes of the
    run-time representations of different values.  A reference, then,
    is simply an index into the store.  (If we like, we can even
    abstract away from the fact that these indices are numbers, but
    for purposes of formalization in Coq it is convenient to use
    numbers.)  We use the word <i>location</i> instead of <i>reference</i> or
    <i>pointer</i> to emphasize this abstract quality.

<div class="paragraph"> </div>

    Treating locations abstractly in this way will prevent us from
    modeling the <i>pointer arithmetic</i> found in low-level languages
    such as C.  This limitation is intentional.  While pointer
    arithmetic is occasionally very useful, especially for
    implementing low-level services such as garbage collectors, it
    cannot be tracked by most type systems: knowing that location <span class="inlinecode"><span class="id" title="var">n</span></span>
    in the store contains a <span class="inlinecode"><span class="id" title="var">float</span></span> doesn't tell us anything useful
    about the type of location <span class="inlinecode"><span class="id" title="var">n</span>+4</span>.  In C, pointer arithmetic is a
    notorious source of type-safety violations. 
</div>

<div class="doc">
<a id="lab400"></a><h2 class="section">Stores</h2>

<div class="paragraph"> </div>

 Recall that, in the small-step operational semantics for
    Imp, the step relation needed to carry along an auxiliary state in
    addition to the program being executed.  In the same way, once we
    have added reference cells to the STLC, our step relation must
    carry along a store to keep track of the contents of reference
    cells.

<div class="paragraph"> </div>

    We could re-use the same functional representation we used for
    states in Imp, but for carrying out the proofs in this chapter it
    is actually more convenient to represent a store simply as a
    <i>list</i> of values.  (The reason we didn't use this representation
    before is that, in Imp, a program could modify any location at any
    time, so states had to be ready to map <i>any</i> variable to a value.
    However, in the STLC with references, the only way to create a
    reference cell is with <span class="inlinecode"><span class="id" title="var">ref</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span>, which puts the value of <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span>
    in a new reference cell and reduces to the location of the newly
    created reference cell. When reducing such an expression, we can
    just add a new reference cell to the end of the list representing
    the store.) 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.store" class="idref" href="#STLCRef.store"><span class="id" title="definition">store</span></a> := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a>.<br/>
</div>

<div class="doc">
We use <span class="inlinecode"><span class="id" title="var">store_lookup</span></span> <span class="inlinecode"><span class="id" title="var">n</span></span> <span class="inlinecode"><span class="id" title="var">st</span></span> to retrieve the value of the reference
    cell at location <span class="inlinecode"><span class="id" title="var">n</span></span> in the store <span class="inlinecode"><span class="id" title="var">st</span></span>.  Note that we must give a
    default value to <span class="inlinecode"><span class="id" title="var">nth</span></span> in case we try looking up an index which is
    too large. (In fact, we will never actually do this, but proving
    that we don't will require a bit of work.) 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.store_lookup" class="idref" href="#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a> (<a id="n:19" class="idref" href="#n:19"><span class="id" title="binder">n</span></a>:<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>) (<a id="st:20" class="idref" href="#st:20"><span class="id" title="binder">st</span></a>:<a class="idref" href="References.html#STLCRef.store"><span class="id" title="definition">store</span></a>) :=<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#nth"><span class="id" title="definition">nth</span></a> <a class="idref" href="References.html#n:19"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#st:20"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>.<br/>
</div>

<div class="doc">
To update the store, we use the <span class="inlinecode"><span class="id" title="tactic">replace</span></span> function, which replaces
    the contents of a cell at a particular index. 
</div>
<div class="code">

<span class="id" title="keyword">Fixpoint</span> <a id="STLCRef.replace" class="idref" href="#STLCRef.replace"><span class="id" title="definition">replace</span></a> {<a id="A:21" class="idref" href="#A:21"><span class="id" title="binder">A</span></a>:<span class="id" title="keyword">Type</span>} (<a id="n:22" class="idref" href="#n:22"><span class="id" title="binder">n</span></a>:<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>) (<a id="x:23" class="idref" href="#x:23"><span class="id" title="binder">x</span></a>:<a class="idref" href="References.html#A:21"><span class="id" title="variable">A</span></a>) (<a id="l:24" class="idref" href="#l:24"><span class="id" title="binder">l</span></a>:<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="References.html#A:21"><span class="id" title="variable">A</span></a>) : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="References.html#A:21"><span class="id" title="variable">A</span></a> :=<br/>
&nbsp;&nbsp;<span class="id" title="keyword">match</span> <a class="idref" href="References.html#l:24"><span class="id" title="variable">l</span></a> <span class="id" title="keyword">with</span><br/>
&nbsp;&nbsp;| <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>    ⇒ <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a><br/>
&nbsp;&nbsp;| <span class="id" title="var">h</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <span class="id" title="var">t</span> ⇒<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">match</span> <a class="idref" href="References.html#n:22"><span class="id" title="variable">n</span></a> <span class="id" title="keyword">with</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;| <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#O"><span class="id" title="constructor">O</span></a>    ⇒ <a class="idref" href="References.html#x:23"><span class="id" title="variable">x</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <span class="id" title="var">t</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;| <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> <span class="id" title="var">n'</span> ⇒ <span class="id" title="var">h</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a> <a class="idref" href="References.html#replace:25"><span class="id" title="definition">replace</span></a> <span class="id" title="var">n'</span> <a class="idref" href="References.html#x:23"><span class="id" title="variable">x</span></a> <span class="id" title="var">t</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">end</span><br/>
&nbsp;&nbsp;<span class="id" title="keyword">end</span>.<br/>
</div>

<div class="doc">
As might be expected, we will also need some technical
    lemmas about <span class="inlinecode"><span class="id" title="tactic">replace</span></span>; they are straightforward to prove. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.replace_nil" class="idref" href="#STLCRef.replace_nil"><span class="id" title="lemma">replace_nil</span></a> : <span class="id" title="keyword">∀</span> <a id="A:28" class="idref" href="#A:28"><span class="id" title="binder">A</span></a> <a id="n:29" class="idref" href="#n:29"><span class="id" title="binder">n</span></a> (<a id="x:30" class="idref" href="#x:30"><span class="id" title="binder">x</span></a>:<a class="idref" href="References.html#A:28"><span class="id" title="variable">A</span></a>),<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.replace"><span class="id" title="definition">replace</span></a> <a class="idref" href="References.html#n:29"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#x:30"><span class="id" title="variable">x</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>.<br/>
<div class="togglescript" id="proofcontrol1" onclick="toggleDisplay('proof1');toggleDisplay('proofcontrol1')"><span class="show"></span></div>
<div class="proofscript" id="proof1" onclick="toggleDisplay('proof1');toggleDisplay('proofcontrol1')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">n</span>; <span class="id" title="tactic">auto</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.length_replace" class="idref" href="#STLCRef.length_replace"><span class="id" title="lemma">length_replace</span></a> : <span class="id" title="keyword">∀</span> <a id="A:31" class="idref" href="#A:31"><span class="id" title="binder">A</span></a> <a id="n:32" class="idref" href="#n:32"><span class="id" title="binder">n</span></a> <a id="x:33" class="idref" href="#x:33"><span class="id" title="binder">x</span></a> (<a id="l:34" class="idref" href="#l:34"><span class="id" title="binder">l</span></a>:<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="References.html#A:31"><span class="id" title="variable">A</span></a>),<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> (<a class="idref" href="References.html#STLCRef.replace"><span class="id" title="definition">replace</span></a> <a class="idref" href="References.html#n:32"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#x:33"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#l:34"><span class="id" title="variable">l</span></a>) <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#l:34"><span class="id" title="variable">l</span></a>.<br/>
<div class="togglescript" id="proofcontrol2" onclick="toggleDisplay('proof2');toggleDisplay('proofcontrol2')"><span class="show"></span></div>
<div class="proofscript" id="proof2" onclick="toggleDisplay('proof2');toggleDisplay('proofcontrol2')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">A</span> <span class="id" title="var">n</span> <span class="id" title="var">x</span> <span class="id" title="var">l</span>. <span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">n</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">l</span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">n</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">n</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">n</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">simpl</span>. <span class="id" title="tactic">rewrite</span> <span class="id" title="var">IHl</span>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.lookup_replace_eq" class="idref" href="#STLCRef.lookup_replace_eq"><span class="id" title="lemma">lookup_replace_eq</span></a> : <span class="id" title="keyword">∀</span> <a id="l:35" class="idref" href="#l:35"><span class="id" title="binder">l</span></a> <a id="t:36" class="idref" href="#t:36"><span class="id" title="binder">t</span></a> <a id="st:37" class="idref" href="#st:37"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#l:35"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:37"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a> <a class="idref" href="References.html#l:35"><span class="id" title="variable">l</span></a> (<a class="idref" href="References.html#STLCRef.replace"><span class="id" title="definition">replace</span></a> <a class="idref" href="References.html#l:35"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#t:36"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#st:37"><span class="id" title="variable">st</span></a>) <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="References.html#t:36"><span class="id" title="variable">t</span></a>.<br/>
<div class="togglescript" id="proofcontrol3" onclick="toggleDisplay('proof3');toggleDisplay('proofcontrol3')"><span class="show"></span></div>
<div class="proofscript" id="proof3" onclick="toggleDisplay('proof3');toggleDisplay('proofcontrol3')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">l</span> <span class="id" title="var">t</span> <span class="id" title="var">st</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">l</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">st</span> <span class="id" title="keyword">as</span> [|<span class="id" title="var">t'</span> <span class="id" title="var">st'</span>]; <span class="id" title="tactic">intros</span> <span class="id" title="var">l</span> <span class="id" title="var">Hlen</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;st&nbsp;=&nbsp;<span class="inlinecode"></span>&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Hlen</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;st&nbsp;=&nbsp;t'&nbsp;::&nbsp;st'&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">l</span>; <span class="id" title="tactic">simpl</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHst'</span>. <span class="id" title="tactic">simpl</span> <span class="id" title="keyword">in</span> <span class="id" title="var">Hlen</span>. <span class="id" title="var">lia</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.lookup_replace_neq" class="idref" href="#STLCRef.lookup_replace_neq"><span class="id" title="lemma">lookup_replace_neq</span></a> : <span class="id" title="keyword">∀</span> <a id="l<sub>1</sub>:38" class="idref" href="#l<sub>1</sub>:38"><span class="id" title="binder">l<sub>1</sub></span></a> <a id="l<sub>2</sub>:39" class="idref" href="#l<sub>2</sub>:39"><span class="id" title="binder">l<sub>2</sub></span></a> <a id="t:40" class="idref" href="#t:40"><span class="id" title="binder">t</span></a> <a id="st:41" class="idref" href="#st:41"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#l<sub>1</sub>:38"><span class="id" title="variable">l<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'&lt;&gt;'_x"><span class="id" title="notation">≠</span></a> <a class="idref" href="References.html#l<sub>2</sub>:39"><span class="id" title="variable">l<sub>2</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a> <a class="idref" href="References.html#l<sub>1</sub>:38"><span class="id" title="variable">l<sub>1</sub></span></a> (<a class="idref" href="References.html#STLCRef.replace"><span class="id" title="definition">replace</span></a> <a class="idref" href="References.html#l<sub>2</sub>:39"><span class="id" title="variable">l<sub>2</sub></span></a> <a class="idref" href="References.html#t:40"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#st:41"><span class="id" title="variable">st</span></a>) <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a> <a class="idref" href="References.html#l<sub>1</sub>:38"><span class="id" title="variable">l<sub>1</sub></span></a> <a class="idref" href="References.html#st:41"><span class="id" title="variable">st</span></a>.<br/>
<div class="togglescript" id="proofcontrol4" onclick="toggleDisplay('proof4');toggleDisplay('proofcontrol4')"><span class="show"></span></div>
<div class="proofscript" id="proof4" onclick="toggleDisplay('proof4');toggleDisplay('proofcontrol4')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">l<sub>1</sub></span> <span class="id" title="keyword">as</span> [|<span class="id" title="var">l<sub>1</sub>'</span>]; <span class="id" title="tactic">intros</span> <span class="id" title="var">l<sub>2</sub></span> <span class="id" title="var">t</span> <span class="id" title="var">st</span> <span class="id" title="var">Hneq</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;l<sub>1</sub>&nbsp;=&nbsp;0&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">st</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;st&nbsp;=&nbsp;<span class="inlinecode"></span>&nbsp;*)</span> <span class="id" title="tactic">rewrite</span> <a class="idref" href="References.html#STLCRef.replace_nil"><span class="id" title="lemma">replace_nil</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;st&nbsp;=&nbsp;_&nbsp;::&nbsp;_&nbsp;*)</span> <span class="id" title="tactic">destruct</span> <span class="id" title="var">l<sub>2</sub></span>... <span class="id" title="var">contradict</span> <span class="id" title="var">Hneq</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;l<sub>1</sub>&nbsp;=&nbsp;S&nbsp;l<sub>1</sub>'&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">st</span> <span class="id" title="keyword">as</span> [|<span class="id" title="var">t<sub>2</sub></span> <span class="id" title="var">st<sub>2</sub></span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;st&nbsp;=&nbsp;<span class="inlinecode"></span>&nbsp;*)</span> <span class="id" title="tactic">destruct</span> <span class="id" title="var">l<sub>2</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;st&nbsp;=&nbsp;t<sub>2</sub>&nbsp;::&nbsp;st<sub>2</sub>&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">l<sub>2</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">simpl</span>; <span class="id" title="tactic">apply</span> <span class="id" title="var">IHl1'</span>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>
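<div class="doc">
 The following Python model of this section's store is an added example, not part of the chapter's Coq development.  It mirrors <span class="inlinecode">store</span> as a list, <span class="inlinecode">store_lookup</span> as <span class="inlinecode">nth</span> with a default (the chapter's <span class="inlinecode">unit</span>, represented here by the string <span class="inlinecode">"unit"</span>, an assumption of the model), and <span class="inlinecode">replace</span> as the structural recursion defined above; <span class="inlinecode">check_lemmas</span> then tests the four lemmas (<span class="inlinecode">replace_nil</span>, <span class="inlinecode">length_replace</span>, <span class="inlinecode">lookup_replace_eq</span>, <span class="inlinecode">lookup_replace_neq</span>) exhaustively on every store of length at most three over a two-letter alphabet.
</div>

```python
"""Executable model of the store from this section (added example, not the
chapter's Coq code): a store is a list of values, a location is an index,
store_lookup returns a default for an out-of-range index, and replace leaves
the list unchanged when the index is out of range."""

from itertools import product
from typing import Any, List

UNIT = "unit"  # stands in for the term <{ unit }> that the Coq code passes to nth

Store = List[Any]


def store_lookup(n: int, st: Store) -> Any:
    """Mirror of `nth n st <{ unit }>`: the default is returned when n >= len(st)."""
    return st[n] if 0 <= n < len(st) else UNIT


def replace(n: int, x: Any, lst: Store) -> Store:
    """Structural mirror of the Coq Fixpoint: a new list with index n set to x.
    An out-of-range n (or an empty list) leaves the list unchanged."""
    if not lst:
        return []
    h, t = lst[0], lst[1:]
    if n == 0:
        return [x] + t
    return [h] + replace(n - 1, x, t)


def check_lemmas(max_len: int = 3, max_index: int = 5) -> bool:
    """Check the four lemmas on all stores over {"a", "b"} of length <= max_len,
    for every index below max_index (so out-of-range indices are covered too)."""
    value = "v"
    for n in range(max_index):
        assert replace(n, value, []) == []                            # replace_nil
    for length in range(max_len + 1):
        for cells in product(["a", "b"], repeat=length):
            st = list(cells)
            for n in range(max_index):
                new = replace(n, value, st)
                assert len(new) == len(st)                            # length_replace
                if n < len(st):                                       # hypothesis l < length st
                    assert store_lookup(n, new) == value              # lookup_replace_eq
                for m in range(max_index):
                    if m != n:                                        # hypothesis l1 <> l2
                        assert store_lookup(m, new) == store_lookup(m, st)  # lookup_replace_neq
    return True
```

<div class="doc">
 The out-of-range cases are where the default matters: <span class="inlinecode">store_lookup(5, ["a"])</span> returns <span class="inlinecode">"unit"</span> and <span class="inlinecode">replace(7, "z", ["a"])</span> returns the list unchanged, which is why <span class="inlinecode">length_replace</span> holds without any side condition while <span class="inlinecode">lookup_replace_eq</span> needs the hypothesis <span class="inlinecode">l &lt; length st</span>.
</div>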

<div class="doc">
<a id="lab401"></a><h2 class="section">Reduction</h2>

<div class="paragraph"> </div>

 Next, we need to extend the operational semantics to take
    stores into account.  Since the result of reducing an expression
    will in general depend on the contents of the store in which it is
    reduced, the evaluation rules should take not just a term but
    also a store as argument.  Furthermore, since the reduction of a
    term can cause side effects on the store, and these may affect the
    reduction of other terms in the future, the reduction rules need
    to return a new store.  Thus, the shape of the single-step
    reduction relation needs to change from <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <span class="inlinecode"><span class="id" title="var">t'</span></span> to <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">/</span> <span class="inlinecode"><span class="id" title="var">st</span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span> <span class="inlinecode"><span class="id" title="var">t'</span></span> <span class="inlinecode">/</span>
    <span class="inlinecode"><span class="id" title="var">st'</span></span>, where <span class="inlinecode"><span class="id" title="var">st</span></span> and <span class="inlinecode"><span class="id" title="var">st'</span></span> are the starting and ending states of
    the store.

<div class="paragraph"> </div>

    To carry through this change, we first need to augment all of our
    existing reduction rules with stores:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">value v<sub>2</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (ST_AppAbs) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">(\x:T<sub>2</sub>.t<sub>1</sub>) v<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> [x:=v<sub>2</sub>]t<sub>1</sub> / st</td>
  <td></td>
</tr>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>' / st'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_App1) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> t<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>' t<sub>2</sub> / st'</td>
  <td></td>
</tr>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">value v<sub>1</sub>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;t<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>2</sub>' / st'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_App2) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">v<sub>1</sub> t<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> v<sub>1</sub> t<sub>2</sub>' / st'</td>
  <td></td>
</tr>
</table></center>    Note that the first rule here returns the store unchanged, since
    function application, in itself, has no side effects.  The other
    two rules simply propagate side effects from premise to
    conclusion.

<div class="paragraph"> </div>

    Now, the result of reducing a <span class="inlinecode"><span class="id" title="var">ref</span></span> expression will be a fresh
    location; this is why we included locations in the syntax of terms
    and in the set of values.  It is crucial to note that making this
    extension to the syntax of terms does not mean that we intend
    <i>programmers</i> to write terms involving explicit, concrete locations:
    such terms will arise only as intermediate results during reduction.
    This may seem odd, but it follows naturally from our design decision
    to represent the result of every reduction step by a modified <i>term</i>.
    If we had chosen a more "machine-like" model, e.g., with an explicit
    stack to contain values of bound identifiers, then the idea of adding
    locations to the set of allowed values might seem more obvious.

<div class="paragraph"> </div>

    In terms of this expanded syntax, we can state reduction rules
    for the new constructs that manipulate locations and the store.
    First, to reduce a dereferencing expression <span class="inlinecode">!<span class="id" title="var">t<sub>1</sub></span></span>, we must first
    reduce <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> until it becomes a value:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>' / st'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Deref) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">!t<sub>1</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> !t<sub>1</sub>' / st'</td>
  <td></td>
</tr>
</table></center>    Once <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> has finished reducing, we should have an expression of
    the form <span class="inlinecode">!<span class="id" title="var">l</span></span>, where <span class="inlinecode"><span class="id" title="var">l</span></span> is some location.  (A term that attempts
    to dereference any other sort of value, such as a function or
    <span class="inlinecode"><span class="id" title="var">unit</span></span>, is erroneous, as is a term that tries to dereference a
    location <span class="inlinecode"><span class="id" title="var">l</span></span> lying outside the currently allocated store, i.e., one
    that is not less than the store's size <span class="inlinecode">|<span class="id" title="var">st</span>|</span> (note that location
    <span class="inlinecode">|<span class="id" title="var">st</span>|</span> itself is not yet allocated).  No reduction rule covers these
    cases, so reduction simply gets stuck.  The type-safety properties
    established below assure us that well-typed terms will never
    misbehave in this way.)
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">l < |st|</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_DerefLoc) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">!(loc l) / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> lookup l st / st</td>
  <td></td>
</tr>
</table></center>
<div class="paragraph"> </div>

    Next, to reduce an assignment expression <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span>:=<span class="id" title="var">t<sub>2</sub></span></span>, we must first
    reduce <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> until it becomes a value (a location), and then
    reduce <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span> until it becomes a value (of any sort):
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>' / st'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Assign1) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> := t<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>' := t<sub>2</sub> / st'</td>
  <td></td>
</tr>
</table></center><center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>2</sub>' / st'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Assign2) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">v<sub>1</sub> := t<sub>2</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> v<sub>1</sub> := t<sub>2</sub>' / st'</td>
  <td></td>
</tr>
</table></center>    Once we have finished with <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">t<sub>2</sub></span></span>, we have an expression of
    the form <span class="inlinecode"><span class="id" title="var">l</span>:=<span class="id" title="var">v</span></span>, which we execute by updating the store to make
    location <span class="inlinecode"><span class="id" title="var">l</span></span> contain <span class="inlinecode"><span class="id" title="var">v</span></span>:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">l < |st|</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Assign) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">loc l := v / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> unit / [l:=v]st</td>
  <td></td>
</tr>
</table></center>    The notation <span class="inlinecode">[<span class="id" title="var">l</span>:=<span class="id" title="var">v</span>]<span class="id" title="var">st</span></span> means "the store that maps <span class="inlinecode"><span class="id" title="var">l</span></span> to <span class="inlinecode"><span class="id" title="var">v</span></span>
    and maps all other locations to the same thing as <span class="inlinecode"><span class="id" title="var">st</span></span>."  Note
    that the term resulting from this reduction step is just <span class="inlinecode"><span class="id" title="var">unit</span></span>;
    the interesting result is the updated store.

<div class="paragraph"> </div>

    Finally, to reduce an expression of the form <span class="inlinecode"><span class="id" title="var">ref</span></span> <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span>, we first
    reduce <span class="inlinecode"><span class="id" title="var">t<sub>1</sub></span></span> until it becomes a value:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">t<sub>1</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> t<sub>1</sub>' / st'</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_Ref) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">ref t<sub>1</sub> / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> ref t<sub>1</sub>' / st'</td>
  <td></td>
</tr>
</table></center>    Then, to reduce the <span class="inlinecode"><span class="id" title="var">ref</span></span> itself, we choose a fresh location at
    the end of the current store -- i.e., location <span class="inlinecode">|<span class="id" title="var">st</span>|</span> -- and yield
    a new store that extends <span class="inlinecode"><span class="id" title="var">st</span></span> with the new value <span class="inlinecode"><span class="id" title="var">v</span></span>.
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">&nbsp;&nbsp;</td>
  <td class="infrulenamecol" rowspan="3">
    (ST_RefValue) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">ref v / st <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> loc |st| / st,v</td>
  <td></td>
</tr>
</table></center>    The value resulting from this step is the newly allocated location
    itself.  (Formally, <span class="inlinecode"><span class="id" title="var">st</span>,<span class="id" title="var">v</span></span> means <span class="inlinecode"><span class="id" title="var">st</span></span> <span class="inlinecode">++</span> <span class="inlinecode"><span class="id" title="var">v</span>::<span class="id" title="var">nil</span></span> -- i.e., to add
    a new reference cell to the store, we append it to the end.)

<div class="paragraph"> </div>

    Note that these reduction rules do not perform any kind of
    garbage collection: we simply allow the store to keep growing
    without bound as reduction proceeds.  This does not affect the
    correctness of the results of reduction (after all, the
    definition of "garbage" is precisely parts of the store that are
    no longer reachable and so cannot play any further role in
    reduction), but it means that a naive implementation of our
    evaluator might run out of memory where a more sophisticated
    evaluator would be able to continue by reusing locations whose
    contents have become garbage.
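
<div class="paragraph"> </div>

    To make the store threading concrete, here is a small-step evaluator
    for the reference fragment of the rules above (<span class="inlinecode">succ</span>, <span class="inlinecode">unit</span>, <span class="inlinecode">loc</span>,
    <span class="inlinecode">ref</span>, <span class="inlinecode">!</span> and <span class="inlinecode">:=</span>), written in Python as an added example; it is not
    part of this chapter or of its Coq development.  Terms are plain
    tuples and the store is a Python list, so <span class="inlinecode">lookup l st</span> is <span class="inlinecode">st[l]</span>,
    <span class="inlinecode">[l:=v]st</span> is a copy of <span class="inlinecode">st</span> with index <span class="inlinecode">l</span> replaced, and <span class="inlinecode">st,v</span> is
    <span class="inlinecode">st + [v]</span>.  The helper names (<span class="inlinecode">step</span>, <span class="inlinecode">evaluate</span>, <span class="inlinecode">demo</span>, <span class="inlinecode">leak</span>) and the
    tuple encoding are this example's own.  Following the rules exactly,
    <span class="inlinecode">step</span> returns <span class="inlinecode">None</span> whenever no rule applies, which is how an
    ill-formed term such as <span class="inlinecode">!(loc 7)</span> against a one-cell store gets stuck
    instead of reading past the end of the store; <span class="inlinecode">leak</span> shows that the
    store only ever grows, since nothing reclaims cells that are no
    longer reachable.

```python
from typing import List, Optional, Tuple

# Terms of the reference fragment, mirroring the page's syntax:
#   const n | succ t | unit | loc l | ref t | deref t (!t) | assign t1 t2 (t1 := t2)
# Each term is a tuple whose first element is its tag (this example's own encoding).
Term = tuple
Store = List[Term]            # the store is a list; location l is index l
Result = Optional[Tuple[Term, Store]]


def is_value(t: Term) -> bool:
    return t[0] in ("const", "unit", "loc")


def step(t: Term, st: Store) -> Result:
    """One step  t / st --> t' / st'.  Returns None when no rule applies (stuck)."""
    tag = t[0]
    if tag == "succ":
        t1 = t[1]
        if t1[0] == "const":                               # ST_SuccNat
            return ("const", t1[1] + 1), st
        r = step(t1, st)                                   # ST_Succ
        return None if r is None else (("succ", r[0]), r[1])
    if tag == "deref":
        t1 = t[1]
        if t1[0] == "loc":                                 # ST_DerefLoc, premise l < |st|
            l = t1[1]
            return (st[l], st) if l < len(st) else None    # l >= |st|: stuck, no read
        if is_value(t1):
            return None                                    # !unit or !n: stuck
        r = step(t1, st)                                   # ST_Deref
        return None if r is None else (("deref", r[0]), r[1])
    if tag == "assign":
        t1, t2 = t[1], t[2]
        if not is_value(t1):
            r = step(t1, st)                               # ST_Assign1
            return None if r is None else (("assign", r[0], t2), r[1])
        if not is_value(t2):
            r = step(t2, st)                               # ST_Assign2
            return None if r is None else (("assign", t1, r[0]), r[1])
        if t1[0] == "loc" and t1[1] < len(st):             # ST_Assign, premise l < |st|
            l = t1[1]
            return ("unit",), st[:l] + [t2] + st[l + 1:]   # [l:=v]st; result is just unit
        return None                                        # unit := v, n := v, bad l: stuck
    if tag == "ref":
        t1 = t[1]
        if is_value(t1):                                   # ST_RefValue: fresh location |st|
            return ("loc", len(st)), st + [t1]             # st,v  ==  st ++ [v]
        r = step(t1, st)                                   # ST_Ref
        return None if r is None else (("ref", r[0]), r[1])
    return None                                            # values do not step


def evaluate(t: Term, st: Store) -> Tuple[Term, Store]:
    """Reduce until a value or a stuck term; the store is threaded through every step."""
    while not is_value(t):
        r = step(t, st)
        if r is None:
            return t, st                                   # stuck: return the offending term
        t, st = r
    return t, st


def demo() -> tuple:
    # ref 5 allocates cell 0 in the empty store and evaluates to loc 0
    cell, st = evaluate(("ref", ("const", 5)), [])
    # loc 0 := succ (!loc 0)  reads 5, writes 6; the term itself reduces to unit
    u, st = evaluate(("assign", cell, ("succ", ("deref", cell))), st)
    v, st = evaluate(("deref", cell), st)
    # !(loc 7) against a one-cell store: the premise 7 < |st| fails, so it is stuck
    stuck, _ = evaluate(("deref", ("loc", 7)), st)
    return cell, u, v, st, stuck


def leak(k: int) -> int:
    """Allocate k cells whose locations are dropped at once; none is ever reclaimed."""
    st: Store = []
    for _ in range(k):
        _, st = evaluate(("ref", ("unit",)), st)
    return len(st)


if __name__ == "__main__":
    print(demo())
    print(leak(1000))   # 1000: the store grows without bound
```

    The evaluator never indexes the list without first checking the
    <span class="inlinecode">l &lt; |st|</span> premise, so the "stuck" outcome is a visible, inspectable
    term rather than an out-of-bounds access; this is the property that
    the progress and preservation theorems later in the chapter show
    can never arise for well-typed terms.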

<div class="paragraph"> </div>

    Here are the rules again, formally: 
</div>
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot;t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' '/' st'"<br/>
&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39, <span class="id" title="var">t'</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="STLCRef.step" class="idref" href="#STLCRef.step"><span class="id" title="inductive">step</span></a> : <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#STLCRef.store"><span class="id" title="definition">store</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#STLCRef.store"><span class="id" title="definition">store</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_AppAbs" class="idref" href="#STLCRef.ST_AppAbs"><span class="id" title="constructor">ST_AppAbs</span></a> : <span class="id" title="keyword">∀</span> <a id="x:44" class="idref" href="#x:44"><span class="id" title="binder">x</span></a> <a id="T<sub>2</sub>:45" class="idref" href="#T<sub>2</sub>:45"><span class="id" title="binder">T<sub>2</sub></span></a> <a id="t<sub>1</sub>:46" class="idref" href="#t<sub>1</sub>:46"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="v<sub>2</sub>:47" class="idref" href="#v<sub>2</sub>:47"><span class="id" title="binder">v<sub>2</sub></span></a> <a id="st:48" class="idref" href="#st:48"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#v<sub>2</sub>:47"><span class="id" title="variable">v<sub>2</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#x:44"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a> <a class="idref" href="References.html#T<sub>2</sub>:45"><span class="id" title="variable">T<sub>2</sub></span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#t<sub>1</sub>:46"><span class="id" title="variable">t<sub>1</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#v<sub>2</sub>:47"><span class="id" title="variable">v<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:48"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" 
href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:44"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#v<sub>2</sub>:47"><span class="id" title="variable">v<sub>2</sub></span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a> <a class="idref" href="References.html#t<sub>1</sub>:46"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:48"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_App1" class="idref" href="#STLCRef.ST_App1"><span class="id" title="constructor">ST_App1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:49" class="idref" href="#t<sub>1</sub>:49"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':50" class="idref" href="#t<sub>1</sub>':50"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:51" class="idref" href="#t<sub>2</sub>:51"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="st:52" class="idref" href="#st:52"><span class="id" title="binder">st</span></a> <a id="st':53" class="idref" href="#st':53"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:49"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:52"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':50"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':53"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#t<sub>1</sub>:49"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#t<sub>2</sub>:51"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:52"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#t<sub>1</sub>':50"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#t<sub>2</sub>:51"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':53"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_App2" class="idref" href="#STLCRef.ST_App2"><span class="id" title="constructor">ST_App2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:54" class="idref" href="#v<sub>1</sub>:54"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:55" class="idref" href="#t<sub>2</sub>:55"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':56" class="idref" href="#t<sub>2</sub>':56"><span class="id" title="binder">t<sub>2</sub>'</span></a> <a id="st:57" class="idref" href="#st:57"><span class="id" title="binder">st</span></a> <a id="st':58" class="idref" href="#st':58"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#v<sub>1</sub>:54"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>2</sub>:55"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:57"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>2</sub>':56"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':58"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#v<sub>1</sub>:54"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="References.html#t<sub>2</sub>:55"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:57"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#v<sub>1</sub>:54"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="References.html#t<sub>2</sub>':56"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':58"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;numbers&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_SuccNat" class="idref" href="#STLCRef.ST_SuccNat"><span class="id" title="constructor">ST_SuccNat</span></a> : <span class="id" title="keyword">∀</span> (<a id="n:59" class="idref" href="#n:59"><span class="id" title="binder">n</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>) <a id="st:60" class="idref" href="#st:60"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <a class="idref" href="References.html#n:59"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:60"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">tm_const</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> <a class="idref" href="References.html#n:59"><span class="id" title="variable">n</span></a>) <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:60"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Succ" class="idref" href="#STLCRef.ST_Succ"><span class="id" title="constructor">ST_Succ</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:61" class="idref" href="#t<sub>1</sub>:61"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':62" class="idref" href="#t<sub>1</sub>':62"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="st:63" class="idref" href="#st:63"><span class="id" title="binder">st</span></a> <a id="st':64" class="idref" href="#st':64"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:61"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:63"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':62"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':64"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <a class="idref" href="References.html#t<sub>1</sub>:61"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:63"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <a class="idref" href="References.html#t<sub>1</sub>':62"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':64"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_PredNat" class="idref" href="#STLCRef.ST_PredNat"><span class="id" title="constructor">ST_PredNat</span></a> : <span class="id" title="keyword">∀</span> (<a id="n:65" class="idref" href="#n:65"><span class="id" title="binder">n</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>) <a id="st:66" class="idref" href="#st:66"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <a class="idref" href="References.html#n:65"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:66"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">tm_const</span></a> (<a class="idref" href="References.html#n:65"><span class="id" title="variable">n</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#::nat_scope:x_'-'_x"><span class="id" title="notation">-</span></a> 1) <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:66"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Pred" class="idref" href="#STLCRef.ST_Pred"><span class="id" title="constructor">ST_Pred</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:67" class="idref" href="#t<sub>1</sub>:67"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':68" class="idref" href="#t<sub>1</sub>':68"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="st:69" class="idref" href="#st:69"><span class="id" title="binder">st</span></a> <a id="st':70" class="idref" href="#st':70"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:67"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:69"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':68"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':70"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <a class="idref" href="References.html#t<sub>1</sub>:67"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:69"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <a class="idref" href="References.html#t<sub>1</sub>':68"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':70"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_MultNats" class="idref" href="#STLCRef.ST_MultNats"><span class="id" title="constructor">ST_MultNats</span></a> : <span class="id" title="keyword">∀</span> (<a id="n<sub>1</sub>:71" class="idref" href="#n<sub>1</sub>:71"><span class="id" title="binder">n<sub>1</sub></span></a> <a id="n<sub>2</sub>:72" class="idref" href="#n<sub>2</sub>:72"><span class="id" title="binder">n<sub>2</sub></span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>) <a id="st:73" class="idref" href="#st:73"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#n<sub>1</sub>:71"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#n<sub>2</sub>:72"><span class="id" title="variable">n<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:73"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a>  <a class="idref" href="References.html#STLCRef.tm_const"><span class="id" title="constructor">tm_const</span></a> (<a class="idref" href="References.html#n<sub>1</sub>:71"><span class="id" title="variable">n<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#ea2ff3d561159081cea6fb2e8113cc<sub>54</sub>"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#n<sub>2</sub>:72"><span class="id" title="variable">n<sub>2</sub></span></a>) <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:73"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Mult1" class="idref" href="#STLCRef.ST_Mult1"><span class="id" title="constructor">ST_Mult1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:74" class="idref" href="#t<sub>1</sub>:74"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:75" class="idref" href="#t<sub>2</sub>:75"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>1</sub>':76" class="idref" href="#t<sub>1</sub>':76"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="st:77" class="idref" href="#st:77"><span class="id" title="binder">st</span></a> <a id="st':78" class="idref" href="#st':78"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:74"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:77"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':76"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':78"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#t<sub>1</sub>:74"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#t<sub>2</sub>:75"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:77"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#t<sub>1</sub>':76"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#t<sub>2</sub>:75"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" 
href="References.html#st':78"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Mult2" class="idref" href="#STLCRef.ST_Mult2"><span class="id" title="constructor">ST_Mult2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:79" class="idref" href="#v<sub>1</sub>:79"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:80" class="idref" href="#t<sub>2</sub>:80"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':81" class="idref" href="#t<sub>2</sub>':81"><span class="id" title="binder">t<sub>2</sub>'</span></a> <a id="st:82" class="idref" href="#st:82"><span class="id" title="binder">st</span></a> <a id="st':83" class="idref" href="#st':83"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#v<sub>1</sub>:79"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>2</sub>:80"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:82"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>2</sub>':81"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':83"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#v<sub>1</sub>:79"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#t<sub>2</sub>:80"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:82"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#v<sub>1</sub>:79"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#t<sub>2</sub>':81"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" 
href="References.html#st':83"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_If<sub>0</sub>" class="idref" href="#STLCRef.ST_If<sub>0</sub>"><span class="id" title="constructor">ST_If<sub>0</sub></span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:84" class="idref" href="#t<sub>1</sub>:84"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':85" class="idref" href="#t<sub>1</sub>':85"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:86" class="idref" href="#t<sub>2</sub>:86"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:87" class="idref" href="#t<sub>3</sub>:87"><span class="id" title="binder">t<sub>3</sub></span></a> <a id="st:88" class="idref" href="#st:88"><span class="id" title="binder">st</span></a> <a id="st':89" class="idref" href="#st':89"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:84"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:88"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':85"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':89"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <a class="idref" href="References.html#t<sub>1</sub>:84"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <a class="idref" href="References.html#t<sub>2</sub>:86"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <a class="idref" href="References.html#t<sub>3</sub>:87"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:88"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <a class="idref" 
href="References.html#t<sub>1</sub>':85"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <a class="idref" href="References.html#t<sub>2</sub>:86"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <a class="idref" href="References.html#t<sub>3</sub>:87"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':89"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_If0_Zero" class="idref" href="#STLCRef.ST_If0_Zero"><span class="id" title="constructor">ST_If0_Zero</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>2</sub>:90" class="idref" href="#t<sub>2</sub>:90"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:91" class="idref" href="#t<sub>3</sub>:91"><span class="id" title="binder">t<sub>3</sub></span></a> <a id="st:92" class="idref" href="#st:92"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> 0 <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <a class="idref" href="References.html#t<sub>2</sub>:90"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <a class="idref" href="References.html#t<sub>3</sub>:91"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:92"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>2</sub>:90"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:92"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_If0_Nonzero" class="idref" href="#STLCRef.ST_If0_Nonzero"><span class="id" title="constructor">ST_If0_Nonzero</span></a> : <span class="id" title="keyword">∀</span> <a id="n:93" class="idref" href="#n:93"><span class="id" title="binder">n</span></a> <a id="t<sub>2</sub>:94" class="idref" href="#t<sub>2</sub>:94"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:95" class="idref" href="#t<sub>3</sub>:95"><span class="id" title="binder">t<sub>3</sub></span></a> <a id="st:96" class="idref" href="#st:96"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> <a class="idref" href="References.html#n:93"><span class="id" title="variable">n</span></a><a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <a class="idref" href="References.html#t<sub>2</sub>:94"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <a class="idref" href="References.html#t<sub>3</sub>:95"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:96"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span 
style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>3</sub>:95"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:96"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;references&nbsp;*)</span><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_RefValue" class="idref" href="#STLCRef.ST_RefValue"><span class="id" title="constructor">ST_RefValue</span></a> : <span class="id" title="keyword">∀</span> <a id="v:97" class="idref" href="#v:97"><span class="id" title="binder">v</span></a> <a id="st:98" class="idref" href="#st:98"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#v:97"><span class="id" title="variable">v</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <a class="idref" href="References.html#v:97"><span class="id" title="variable">v</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:98"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:98"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" 
href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#st:98"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <a class="idref" href="References.html#v:97"><span class="id" title="variable">v</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a><a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Ref" class="idref" href="#STLCRef.ST_Ref"><span class="id" title="constructor">ST_Ref</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:99" class="idref" href="#t<sub>1</sub>:99"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':100" class="idref" href="#t<sub>1</sub>':100"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="st:101" class="idref" href="#st:101"><span class="id" title="binder">st</span></a> <a id="st':102" class="idref" href="#st':102"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:99"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:101"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':100"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':102"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <a class="idref" href="References.html#t<sub>1</sub>:99"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a>  <a class="idref" href="References.html#st:101"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <a class="idref" href="References.html#t<sub>1</sub>':100"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a>  <a class="idref" href="References.html#st':102"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_DerefLoc" class="idref" href="#STLCRef.ST_DerefLoc"><span class="id" title="constructor">ST_DerefLoc</span></a> : <span class="id" title="keyword">∀</span> <a id="st:103" class="idref" href="#st:103"><span class="id" title="binder">st</span></a> <a id="l:104" class="idref" href="#l:104"><span class="id" title="binder">l</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#l:104"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:103"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> <a class="idref" href="References.html#l:104"><span class="id" title="variable">l</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:103"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a> <a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a> <a class="idref" href="References.html#l:104"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#st:103"><span 
class="id" title="variable">st</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:103"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Deref" class="idref" href="#STLCRef.ST_Deref"><span class="id" title="constructor">ST_Deref</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:105" class="idref" href="#t<sub>1</sub>:105"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':106" class="idref" href="#t<sub>1</sub>':106"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="st:107" class="idref" href="#st:107"><span class="id" title="binder">st</span></a> <a id="st':108" class="idref" href="#st':108"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:105"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:107"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':106"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':108"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#t<sub>1</sub>:105"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:107"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#t<sub>1</sub>':106"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':108"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Assign" class="idref" href="#STLCRef.ST_Assign"><span class="id" title="constructor">ST_Assign</span></a> : <span class="id" title="keyword">∀</span> <a id="v:109" class="idref" href="#v:109"><span class="id" title="binder">v</span></a> <a id="l:110" class="idref" href="#l:110"><span class="id" title="binder">l</span></a> <a id="st:111" class="idref" href="#st:111"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#v:109"><span class="id" title="variable">v</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#l:110"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:111"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> <a class="idref" href="References.html#l:110"><span class="id" title="variable">l</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#v:109"><span class="id" title="variable">v</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:111"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" 
href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#STLCRef.replace"><span class="id" title="definition">replace</span></a> <a class="idref" href="References.html#l:110"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#v:109"><span class="id" title="variable">v</span></a> <a class="idref" href="References.html#st:111"><span class="id" title="variable">st</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Assign1" class="idref" href="#STLCRef.ST_Assign1"><span class="id" title="constructor">ST_Assign1</span></a> : <span class="id" title="keyword">∀</span> <a id="t<sub>1</sub>:112" class="idref" href="#t<sub>1</sub>:112"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>1</sub>':113" class="idref" href="#t<sub>1</sub>':113"><span class="id" title="binder">t<sub>1</sub>'</span></a> <a id="t<sub>2</sub>:114" class="idref" href="#t<sub>2</sub>:114"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="st:115" class="idref" href="#st:115"><span class="id" title="binder">st</span></a> <a id="st':116" class="idref" href="#st':116"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>1</sub>:112"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:115"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>1</sub>':113"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':116"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#t<sub>1</sub>:112"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#t<sub>2</sub>:114"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:115"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#t<sub>1</sub>':113"><span class="id" title="variable">t<sub>1</sub>'</span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#t<sub>2</sub>:114"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a 
class="idref" href="References.html#st':116"><span class="id" title="variable">st'</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.ST_Assign2" class="idref" href="#STLCRef.ST_Assign2"><span class="id" title="constructor">ST_Assign2</span></a> : <span class="id" title="keyword">∀</span> <a id="v<sub>1</sub>:117" class="idref" href="#v<sub>1</sub>:117"><span class="id" title="binder">v<sub>1</sub></span></a> <a id="t<sub>2</sub>:118" class="idref" href="#t<sub>2</sub>:118"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>2</sub>':119" class="idref" href="#t<sub>2</sub>':119"><span class="id" title="binder">t<sub>2</sub>'</span></a> <a id="st:120" class="idref" href="#st:120"><span class="id" title="binder">st</span></a> <a id="st':121" class="idref" href="#st':121"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#v<sub>1</sub>:117"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#t<sub>2</sub>:118"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:120"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t<sub>2</sub>':119"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':121"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#v<sub>1</sub>:117"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#t<sub>2</sub>:118"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:120"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#v<sub>1</sub>:117"><span class="id" title="variable">v<sub>1</sub></span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#t<sub>2</sub>':119"><span class="id" title="variable">t<sub>2</sub>'</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a 
class="idref" href="References.html#st':121"><span class="id" title="variable">st'</span></a><br/>
<br/>
<span class="id" title="keyword">where</span> <a id="52c1db39972e4cbec4580651bf814ae<sub>4</sub>" class="idref" href="#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">&quot;</span></a>t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>' t' '/' st'" := (<a class="idref" href="References.html#step:43"><span class="id" title="inductive">step</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>).<br/>
</div>

<div class="doc">
One slightly ugly point should be noted here: In the <span class="inlinecode"><span class="id" title="var">ST_RefValue</span></span>
    rule, we extend the state by writing <span class="inlinecode"><span class="id" title="var">st</span></span> <span class="inlinecode">++</span> <span class="inlinecode"><span class="id" title="var">v</span>::<span class="id" title="var">nil</span></span> rather than
    the more natural <span class="inlinecode"><span class="id" title="var">st</span></span> <span class="inlinecode">++</span> <span class="inlinecode">[<span class="id" title="var">v</span>]</span>.  The reason for this is that the
    notation we've defined for substitution uses square brackets,
    which clash with the standard library's notation for lists. 
</div>
<div class="code">

<span class="id" title="keyword">Hint Constructors</span> <a class="idref" href="References.html#step"><span class="id" title="inductive">step</span></a> : <span class="id" title="var">core</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.multistep" class="idref" href="#STLCRef.multistep"><span class="id" title="definition">multistep</span></a> := (<a class="idref" href="Smallstep.html#multi"><span class="id" title="inductive">multi</span></a> <a class="idref" href="References.html#STLCRef.step"><span class="id" title="inductive">step</span></a>).<br/>
<span class="id" title="keyword">Notation</span> <a id="b287434a45944b52264023e0222ca7a<sub>2</sub>" class="idref" href="#b287434a45944b52264023e0222ca7a<sub>2</sub>"><span class="id" title="notation">&quot;</span></a>t '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>' t' '/' st'" :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="References.html#STLCRef.multistep"><span class="id" title="definition">multistep</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39, <span class="id" title="var">t'</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/>
</div>
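<div class="doc">
 The reduction rules above, run as an added example (a Python model written for this
    page, not the Coq development it presents).  Terms are modelled as small dataclasses;
    <span class="inlinecode"><span class="id" title="var">step</span></span> implements
    <span class="inlinecode"><span class="id" title="var">ST_DerefLoc</span></span>,
    <span class="inlinecode"><span class="id" title="var">ST_Deref</span></span>,
    <span class="inlinecode"><span class="id" title="var">ST_Assign</span></span>,
    <span class="inlinecode"><span class="id" title="var">ST_Assign1</span></span> and
    <span class="inlinecode"><span class="id" title="var">ST_Assign2</span></span> exactly as shown,
    and <span class="inlinecode"><span class="id" title="var">ST_RefValue</span></span> as the note
    above describes it: the value is appended to the end of the store and the old length
    becomes the fresh location.  The congruence rule for
    <span class="inlinecode"><span class="id" title="var">ref</span></span> is assumed to behave like
    <span class="inlinecode"><span class="id" title="var">ST_Deref</span></span>.  The point worth
    watching is the <span class="inlinecode"><span class="id" title="var">l</span> &lt; <span class="id" title="var">length</span> <span class="id" title="var">st</span></span>
    premise: a dereference or assignment through an index outside the store is not an
    out-of-bounds read or write, it is simply stuck, because no rule applies; it is the
    typing rules of the next section that must guarantee this never happens to a
    well-typed term.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Terms of the reference fragment (this example's own classes, not the page's Coq syntax).
@dataclass(frozen=True)
class Unit:
    pass

@dataclass(frozen=True)
class Loc:
    l: int

@dataclass(frozen=True)
class Ref:
    t: "Term"

@dataclass(frozen=True)
class Deref:
    t: "Term"

@dataclass(frozen=True)
class Assign:
    t1: "Term"
    t2: "Term"

Term = Union[Unit, Loc, Ref, Deref, Assign]
Store = List[Term]          # cell i of the store is the term at index i, as on the page

def is_value(t: Term) -> bool:
    # In this fragment the values are unit and locations.
    return isinstance(t, (Unit, Loc))

def step(t: Term, st: Store) -> Optional[Tuple[Term, Store]]:
    """One step  t / st --> t' / st', or None when no rule applies (a value, or stuck).
    The store is never mutated in place: `st + [v]` and the slice below play the roles
    of `st ++ v::nil` and `replace l v st`."""
    if isinstance(t, Ref):
        if is_value(t.t):                                 # ST_RefValue: fresh cell = old length
            return Loc(len(st)), st + [t.t]
        r = step(t.t, st)                                 # ST_Ref (congruence, assumed)
        return None if r is None else (Ref(r[0]), r[1])
    if isinstance(t, Deref):
        if isinstance(t.t, Loc):                          # ST_DerefLoc, premise l < length st
            return (st[t.t.l], st) if t.t.l < len(st) else None
        r = step(t.t, st)                                 # ST_Deref
        return None if r is None else (Deref(r[0]), r[1])
    if isinstance(t, Assign):
        if isinstance(t.t1, Loc) and is_value(t.t2):      # ST_Assign, premise l < length st
            l = t.t1.l
            return (Unit(), st[:l] + [t.t2] + st[l + 1:]) if l < len(st) else None
        if not is_value(t.t1):                            # ST_Assign1: reduce the target first
            r = step(t.t1, st)
            return None if r is None else (Assign(r[0], t.t2), r[1])
        r = step(t.t2, st)                                # ST_Assign2: target is already a value
        return None if r is None else (Assign(t.t1, r[0]), r[1])
    return None                                           # unit and loc are values

def multistep(t: Term, st: Store, fuel: int = 1000) -> Tuple[Term, Store, bool]:
    """Run  t / st -->* t' / st'  to a normal form.  The flag is True when the normal
    form is not a value, i.e. reduction got stuck."""
    for _ in range(fuel):
        r = step(t, st)
        if r is None:
            return t, st, not is_value(t)
        t, st = r
    raise RuntimeError("no normal form within fuel")

if __name__ == "__main__":
    # !(ref unit) allocates cell 0 and reads it back.
    print(multistep(Deref(Ref(Unit())), []))
    # loc 0 := ref unit stores a pointer to a freshly allocated cell 1 into cell 0.
    print(multistep(Assign(Loc(0), Ref(Unit())), [Unit()]))
    # !(loc 3) in a one-cell store: no rule applies, so the term is stuck, not an OOB read.
    print(multistep(Deref(Loc(3)), [Unit()]))
```

 Allocation can only ever hand out the index
    <span class="inlinecode"><span class="id" title="var">length</span> <span class="id" title="var">st</span></span>,
    so a term that starts without concrete locations can never manufacture a dangling one;
    the stuck case is reachable only from terms that already mention a bad location, which is
    exactly what the typing rules will exclude.
</div>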

<div class="doc">
<a id="lab402"></a><h1 class="section">Typing</h1>

<div class="paragraph"> </div>

 The contexts assigning types to free variables are exactly the
    same as for the STLC: partial maps from identifiers to types. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.context" class="idref" href="#STLCRef.context"><span class="id" title="definition">context</span></a> := <span class="id" title="definition">partial_map</span> <a class="idref" href="References.html#STLCRef.ty"><span class="id" title="inductive">ty</span></a>.<br/><hr class='doublespaceincode'/>
</div>

<div class="doc">
<a id="lab403"></a><h2 class="section">Store typings</h2>

<div class="paragraph"> </div>

 Having extended our syntax and reduction rules to accommodate
    references, our last job is to write down typing rules for the new
    constructs (and, of course, to check that these rules are sound!).
    Naturally, the key question is, "What is the type of a location?"

<div class="paragraph"> </div>

    First of all, notice that this question doesn't arise when
    typechecking terms that programmers actually
    write.  Concrete location constants arise only in terms that are
    the intermediate results of reduction; they are not in the
    language that programmers write.  So we only need to determine the
    type of a location when we're in the middle of a reduction
    sequence, e.g., trying to apply the progress or preservation
    lemmas.  Thus, even though we normally think of typing as a
    <i>static</i> program property, it makes sense for the typing of
    locations to depend on the <i>dynamic</i> progress of the program too.

<div class="paragraph"> </div>

    As a first try, note that when we reduce a term containing
    concrete locations, the type of the result depends on the contents
    of the store that we start with.  For example, if we reduce the
    term <span class="inlinecode">!(<span class="id" title="var">loc</span></span> <span class="inlinecode">1)</span> in the store <span class="inlinecode">[<span class="id" title="var">unit</span>,</span> <span class="inlinecode"><span class="id" title="var">unit</span>]</span>, the result is <span class="inlinecode"><span class="id" title="var">unit</span></span>;
    if we reduce the same term in the store <span class="inlinecode">[<span class="id" title="var">unit</span>,</span> <span class="inlinecode">\<span class="id" title="var">x</span>:<span class="id" title="var">Unit.x</span>]</span>, the
    result is <span class="inlinecode">\<span class="id" title="var">x</span>:<span class="id" title="var">Unit.x</span></span>.  With respect to the former store, the
    location <span class="inlinecode">1</span> has type <span class="inlinecode"><span class="id" title="var">Unit</span></span>, and with respect to the latter it
    has type <span class="inlinecode"><span class="id" title="var">Unit</span>→<span class="id" title="var">Unit</span></span>. This observation leads us immediately to a
    first attempt at a typing rule for locations:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; lookup  l st : T<sub>1</sub></td>
  <td class="infrulenamecol" rowspan="3">
    &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma &#x22A2; loc l : Ref T<sub>1</sub></td>
  <td></td>
</tr>
</table></center>    That is, to find the type of a location <span class="inlinecode"><span class="id" title="var">l</span></span>, we look up the
    current contents of <span class="inlinecode"><span class="id" title="var">l</span></span> in the store and calculate the type <span class="inlinecode"><span class="id" title="var">T<sub>1</sub></span></span>
    of the contents.  The type of the location is then <span class="inlinecode"><span class="id" title="var">Ref</span></span> <span class="inlinecode"><span class="id" title="var">T<sub>1</sub></span></span>.

<div class="paragraph"> </div>

    Having begun in this way, we need to go a little further to reach a
    consistent state.  In effect, by making the type of a term depend on
    the store, we have changed the typing relation from a three-place
    relation (between contexts, terms, and types) to a four-place relation
    (between contexts, <i>stores</i>, terms, and types).  Since the store is,
    intuitively, part of the context in which we calculate the type of a
    term, let's write this four-place relation with the store to the left
    of the turnstile: <span class="inlinecode"><span class="id" title="var">Gamma</span>;</span> <span class="inlinecode"><span class="id" title="var">st</span></span> <span class="inlinecode">&#x22A2;</span> <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">:</span> <span class="inlinecode"><span class="id" title="var">T</span></span>.  Our rule for typing
    references now has the form
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma; st &#x22A2; lookup l st : T<sub>1</sub></td>
  <td class="infrulenamecol" rowspan="3">
    &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; st &#x22A2; loc l : Ref T<sub>1</sub></td>
  <td></td>
</tr>
</table></center>    and all the rest of the typing rules in the system are extended
    similarly with stores.  (The other rules do not need to do anything
    interesting with their stores -- just pass them from premise to
    conclusion.)

<div class="paragraph"> </div>

    However, this rule will not quite do.  For one thing, typechecking
    is rather inefficient, since calculating the type of a location <span class="inlinecode"><span class="id" title="var">l</span></span>
    involves calculating the type of the current contents <span class="inlinecode"><span class="id" title="var">v</span></span> of <span class="inlinecode"><span class="id" title="var">l</span></span>.  If
    <span class="inlinecode"><span class="id" title="var">l</span></span> appears many times in a term <span class="inlinecode"><span class="id" title="var">t</span></span>, we will re-calculate the type of
    <span class="inlinecode"><span class="id" title="var">v</span></span> many times in the course of constructing a typing derivation for
    <span class="inlinecode"><span class="id" title="var">t</span></span>.  Worse, if <span class="inlinecode"><span class="id" title="var">v</span></span> itself contains locations, then we will have to
    recalculate <i>their</i> types each time they appear.  Worse yet, the
    proposed typing rule for locations may not allow us to derive
    anything at all, if the store contains a <i>cycle</i>.  For example,
    there is no finite typing derivation for the location <span class="inlinecode">0</span> with respect
    to this store:
<pre>
   [\x:Nat. (!(loc 1)) x, \x:Nat. (!(loc 0)) x]
</pre>

<div class="paragraph"> </div>

<a id="lab404"></a><h4 class="section">Exercise: 2 stars, standard (cyclic_store)</h4>
 Can you find a term whose reduction will create this particular
    cyclic store? 
</div>
<div class="code">

<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.manual_grade_for_cyclic_store" class="idref" href="#STLCRef.manual_grade_for_cyclic_store"><span class="id" title="definition">manual_grade_for_cyclic_store</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 These problems arise from the fact that our proposed
    typing rule for locations requires us to recalculate the type of a
    location every time we mention it in a term.  But this,
    intuitively, should not be necessary.  After all, when a location
    is first created, we know the type of the initial value that we
    are storing into it.  Suppose we are willing to enforce the
    invariant that the type of the value contained in a given location
    <i>never changes</i>; that is, although we may later store other values
    into this location, those other values will always have the same
    type as the initial one.  In other words, we always have in mind a
    single, definite type for every location in the store, which is
    fixed when the location is allocated.  Then these intended types
    can be collected together as a <i>store typing</i> -- a finite function
    mapping locations to types.

<div class="paragraph"> </div>

    As with the other type systems we've seen, this conservative typing
    restriction on allowed updates means that we will rule out as
    ill-typed some programs that could reduce perfectly well without
    getting stuck.

<div class="paragraph"> </div>

    Just as we did for stores, we will represent a store type simply
    as a list of types: the type at index <span class="inlinecode"><span class="id" title="var">i</span></span> records the type of the
    values that we expect to be stored in cell <span class="inlinecode"><span class="id" title="var">i</span></span>. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.store_ty" class="idref" href="#STLCRef.store_ty"><span class="id" title="definition">store_ty</span></a> := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="References.html#STLCRef.ty"><span class="id" title="inductive">ty</span></a>.<br/>
</div>

<div class="doc">
The <span class="inlinecode"><span class="id" title="var">store_Tlookup</span></span> function retrieves the type at a particular
    index. 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.store_Tlookup" class="idref" href="#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> (<a id="n:122" class="idref" href="#n:122"><span class="id" title="binder">n</span></a>:<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>) (<a id="ST:123" class="idref" href="#ST:123"><span class="id" title="binder">ST</span></a>:<a class="idref" href="References.html#STLCRef.store_ty"><span class="id" title="definition">store_ty</span></a>) :=<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#nth"><span class="id" title="definition">nth</span></a> <a class="idref" href="References.html#n:122"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#ST:123"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>.<br/>
</div>

<div class="doc">
Suppose we are given a store typing <span class="inlinecode"><span class="id" title="var">ST</span></span> describing the store
    <span class="inlinecode"><span class="id" title="var">st</span></span> in which some term <span class="inlinecode"><span class="id" title="var">t</span></span> will be reduced.  Then we can use
    <span class="inlinecode"><span class="id" title="var">ST</span></span> to calculate the type of the result of <span class="inlinecode"><span class="id" title="var">t</span></span> without ever
    looking directly at <span class="inlinecode"><span class="id" title="var">st</span></span>.  For example, if <span class="inlinecode"><span class="id" title="var">ST</span></span> is <span class="inlinecode">[<span class="id" title="var">Unit</span>,</span>
    <span class="inlinecode"><span class="id" title="var">Unit</span>→<span class="id" title="var">Unit</span>]</span>, then we can immediately infer that <span class="inlinecode">!(<span class="id" title="var">loc</span></span> <span class="inlinecode">1)</span> has
    type <span class="inlinecode"><span class="id" title="var">Unit</span>→<span class="id" title="var">Unit</span></span>.  More generally, the typing rule for locations
    can be reformulated in terms of store typings like this:
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">l &lt; |ST|</td>
  <td class="infrulenamecol" rowspan="3">
    &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; loc l : Ref (lookup l ST)</td>
</tr>
</table></center>
<div class="paragraph"> </div>

    That is, as long as <span class="inlinecode"><span class="id" title="var">l</span></span> is a valid location, we can compute the
    type of <span class="inlinecode"><span class="id" title="var">l</span></span> just by looking it up in <span class="inlinecode"><span class="id" title="var">ST</span></span>.  Typing is again a
    four-place relation, but it is parameterized on a store <i>typing</i>
    rather than a concrete store.  The rest of the typing rules are
    analogously augmented with store typings. 
</div>

<div class="doc">
<a id="lab405"></a><h2 class="section">The Typing Relation</h2>

<div class="paragraph"> </div>

 We can now formalize the typing relation for the STLC with
    references.  Here, again, are the rules we're adding to the base
    STLC (with numbers and <span class="inlinecode"><span class="id" title="var">Unit</span></span>): 
<div class="paragraph"> </div>


<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">l &lt; |ST|</td>
  <td class="infrulenamecol" rowspan="3">
    (T_Loc) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; loc l : Ref (lookup l ST)</td>
</tr>
</table></center>
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; t<sub>1</sub> : T<sub>1</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (T_Ref) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; ref t<sub>1</sub> : Ref T<sub>1</sub></td>
</tr>
</table></center>
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; t<sub>1</sub> : Ref T<sub>1</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (T_Deref) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; !t<sub>1</sub> : T<sub>1</sub></td>
</tr>
</table></center>
<center><table class="infrule">
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; t<sub>1</sub> : Ref T<sub>2</sub></td>
  <td></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; t<sub>2</sub> : T<sub>2</sub></td>
  <td class="infrulenamecol" rowspan="3">
    (T_Assign) &nbsp;
  </td></tr>
<tr class="infrulemiddle">
  <td class="infrule"><hr /></td>
</tr>
<tr class="infruleassumption">
  <td class="infrule">Gamma; ST &#x22A2; t<sub>1</sub> := t<sub>2</sub> : Unit</td>
</tr>
</table></center>
</div>
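<div class="doc">
<div class="paragraph"> </div>

 The store typing and the rules above, worked through as an added example that is not part of the chapter's Coq development: a small Python checker that computes a term's type from the store typing <span class="inlinecode"><span class="id" title="var">ST</span></span> alone, never from a concrete store, enforcing the side condition <span class="inlinecode">l &lt; |ST|</span> on <span class="inlinecode"><span class="id" title="var">T_Loc</span></span> and the invariant that a cell only ever receives values of its declared type on <span class="inlinecode"><span class="id" title="var">T_Assign</span></span>. The tagged-tuple encoding of terms and types and the <span class="inlinecode"><span class="id" title="var">IllTyped</span></span> exception are this example's own choices; the <span class="inlinecode">!(<span class="id" title="var">loc</span> 1)</span> case at the end reproduces the text's <span class="inlinecode">[<span class="id" title="var">Unit</span>, <span class="id" title="var">Unit</span>→<span class="id" title="var">Unit</span>]</span> example. 
</div>

```python
"""Type checker for the STLC with references, parameterized on a store typing.

Added illustration (not the chapter's Coq code): each branch of has_type
mirrors one typing rule, with the store typing ST standing in for the store.
"""

# Types are tagged tuples: ("Nat",), ("Unit",), ("Arrow", T1, T2), ("Ref", T).
NAT = ("Nat",)
UNIT = ("Unit",)


def arrow(t1, t2):
    return ("Arrow", t1, t2)


def ref(t):
    return ("Ref", t)


class IllTyped(Exception):
    """No typing rule applies: the program is rejected as ill-typed."""


def store_Tlookup(n, ST):
    """Type recorded for cell n, like `nth n ST <{Unit}>`: Unit when out of range."""
    return ST[n] if n < len(ST) else UNIT


def has_type(ST, Gamma, t):
    """Type of term t under context Gamma (a dict) and store typing ST (a list).

    Only ST is consulted for locations; a concrete store is never inspected.
    """
    tag = t[0]
    if tag == "var":                                   # T_Var
        if t[1] not in Gamma:
            raise IllTyped(f"unbound variable {t[1]}")
        return Gamma[t[1]]
    if tag == "abs":                                   # T_Abs: \x:T2, body
        _, x, T2, body = t
        return arrow(T2, has_type(ST, {**Gamma, x: T2}, body))
    if tag == "app":                                   # T_App
        Tf, Ta = has_type(ST, Gamma, t[1]), has_type(ST, Gamma, t[2])
        if Tf[0] != "Arrow" or Tf[1] != Ta:
            raise IllTyped(f"cannot apply {Tf} to {Ta}")
        return Tf[2]
    if tag == "const":                                 # T_Nat
        return NAT
    if tag in ("succ", "pred"):                        # T_Succ, T_Pred
        if has_type(ST, Gamma, t[1]) != NAT:
            raise IllTyped(f"{tag} expects a Nat")
        return NAT
    if tag == "mult":                                  # T_Mult
        if any(has_type(ST, Gamma, s) != NAT for s in t[1:]):
            raise IllTyped("mult expects Nat operands")
        return NAT
    if tag == "if0":                                   # T_If0
        if has_type(ST, Gamma, t[1]) != NAT:
            raise IllTyped("if0 guard must be a Nat")
        T0 = has_type(ST, Gamma, t[2])
        if has_type(ST, Gamma, t[3]) != T0:
            raise IllTyped("if0 branches must have the same type")
        return T0
    if tag == "unit":                                  # T_Unit
        return UNIT
    if tag == "ref":                                   # T_Ref
        return ref(has_type(ST, Gamma, t[1]))
    if tag == "deref":                                 # T_Deref
        T = has_type(ST, Gamma, t[1])
        if T[0] != "Ref":
            raise IllTyped(f"cannot dereference a {T}")
        return T[1]
    if tag == "assign":                                # T_Assign: a cell's type never changes
        T1, T2 = has_type(ST, Gamma, t[1]), has_type(ST, Gamma, t[2])
        if T1 != ref(T2):
            raise IllTyped(f"cannot store a {T2} into a {T1}")
        return UNIT
    if tag == "loc":                                   # T_Loc: side condition l < |ST|
        l = t[1]
        if not l < len(ST):
            raise IllTyped(f"location {l} not covered by a store typing of size {len(ST)}")
        return ref(store_Tlookup(l, ST))
    raise IllTyped(f"unknown term {t!r}")


def typecheck(ST, t, Gamma=None):
    """Type of t under ST, or None when the term is rejected."""
    try:
        return has_type(ST, Gamma or {}, t)
    except IllTyped:
        return None


if __name__ == "__main__":
    # The text's example: with ST = [Unit, Unit -> Unit], !(loc 1) : Unit -> Unit.
    ST = [UNIT, arrow(UNIT, UNIT)]
    print(typecheck(ST, ("deref", ("loc", 1))))     # ('Arrow', ('Unit',), ('Unit',))
    print(typecheck(ST, ("loc", 2)))                # None: 2 is not < |ST|
    print(typecheck(ST, ("assign", ("loc", 0), ("const", 7))))  # None: Nat into a Unit cell
```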
<div class="code">

<span class="id" title="keyword">Reserved Notation</span> &quot;Gamma ';' ST '&#x22A2;' t '&#x2208;' T"  (<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">t</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span>, <span class="id" title="var">T</span> <span class="id" title="var">custom</span> <span class="id" title="var">stlc</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 0).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Inductive</span> <a id="STLCRef.has_type" class="idref" href="#STLCRef.has_type"><span class="id" title="inductive">has_type</span></a> (<a id="ST:124" class="idref" href="#ST:124"><span class="id" title="binder">ST</span></a> : <a class="idref" href="References.html#STLCRef.store_ty"><span class="id" title="definition">store_ty</span></a>) : <a class="idref" href="References.html#STLCRef.context"><span class="id" title="definition">context</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.ty"><span class="id" title="inductive">ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Var" class="idref" href="#STLCRef.T_Var"><span class="id" title="constructor">T_Var</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:127" class="idref" href="#Gamma:127"><span class="id" title="binder">Gamma</span></a> <a id="x:128" class="idref" href="#x:128"><span class="id" title="binder">x</span></a> <a id="T<sub>1</sub>:129" class="idref" href="#T<sub>1</sub>:129"><span class="id" title="binder">T<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:127"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#x:128"><span class="id" title="variable">x</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#Some"><span class="id" title="constructor">Some</span></a> <a class="idref" href="References.html#T<sub>1</sub>:129"><span class="id" title="variable">T<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:127"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#x:128"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>1</sub>:129"><span class="id" title="variable">T<sub>1</sub></span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Abs" class="idref" href="#STLCRef.T_Abs"><span class="id" title="constructor">T_Abs</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:130" class="idref" href="#Gamma:130"><span class="id" title="binder">Gamma</span></a> <a id="x:131" class="idref" href="#x:131"><span class="id" title="binder">x</span></a> <a id="T<sub>1</sub>:132" class="idref" href="#T<sub>1</sub>:132"><span class="id" title="binder">T<sub>1</sub></span></a> <a id="T<sub>2</sub>:133" class="idref" href="#T<sub>2</sub>:133"><span class="id" title="binder">T<sub>2</sub></span></a> <a id="t<sub>1</sub>:134" class="idref" href="#t<sub>1</sub>:134"><span class="id" title="binder">t<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="definition">update</span> <a class="idref" href="References.html#Gamma:130"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#x:131"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#T<sub>2</sub>:133"><span class="id" title="variable">T<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:134"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>1</sub>:132"><span class="id" title="variable">T<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:130"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#x:131"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a><a class="idref" href="References.html#T<sub>2</sub>:133"><span class="id" title="variable">T<sub>2</sub></span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#t<sub>1</sub>:134"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#T<sub>2</sub>:133"><span class="id" title="variable">T<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#T<sub>1</sub>:132"><span class="id" title="variable">T<sub>1</sub></span></a><a class="idref" 
href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_App" class="idref" href="#STLCRef.T_App"><span class="id" title="constructor">T_App</span></a> : <span class="id" title="keyword">∀</span> <a id="T<sub>1</sub>:135" class="idref" href="#T<sub>1</sub>:135"><span class="id" title="binder">T<sub>1</sub></span></a> <a id="T<sub>2</sub>:136" class="idref" href="#T<sub>2</sub>:136"><span class="id" title="binder">T<sub>2</sub></span></a> <a id="Gamma:137" class="idref" href="#Gamma:137"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:138" class="idref" href="#t<sub>1</sub>:138"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:139" class="idref" href="#t<sub>2</sub>:139"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:137"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:138"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#T<sub>2</sub>:136"><span class="id" title="variable">T<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#T<sub>1</sub>:135"><span class="id" title="variable">T<sub>1</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:137"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>2</sub>:139"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>2</sub>:136"><span class="id" title="variable">T<sub>2</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:137"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:138"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#t<sub>2</sub>:139"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>1</sub>:135"><span class="id" title="variable">T<sub>1</sub></span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Nat" class="idref" href="#STLCRef.T_Nat"><span class="id" title="constructor">T_Nat</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:140" class="idref" href="#Gamma:140"><span class="id" title="binder">Gamma</span></a> (<a id="n:141" class="idref" href="#n:141"><span class="id" title="binder">n</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:140"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#n:141"><span class="id" title="variable">n</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Succ" class="idref" href="#STLCRef.T_Succ"><span class="id" title="constructor">T_Succ</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:142" class="idref" href="#Gamma:142"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:143" class="idref" href="#t<sub>1</sub>:143"><span class="id" title="binder">t<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:142"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:143"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:142"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <a class="idref" href="References.html#t<sub>1</sub>:143"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Pred" class="idref" href="#STLCRef.T_Pred"><span class="id" title="constructor">T_Pred</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:144" class="idref" href="#Gamma:144"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:145" class="idref" href="#t<sub>1</sub>:145"><span class="id" title="binder">t<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:144"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:145"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:144"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <a class="idref" href="References.html#t<sub>1</sub>:145"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Mult" class="idref" href="#STLCRef.T_Mult"><span class="id" title="constructor">T_Mult</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:146" class="idref" href="#Gamma:146"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:147" class="idref" href="#t<sub>1</sub>:147"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:148" class="idref" href="#t<sub>2</sub>:148"><span class="id" title="binder">t<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:146"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:147"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:146"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>2</sub>:148"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:146"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:147"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <a class="idref" href="References.html#t<sub>2</sub>:148"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_If<sub>0</sub>" class="idref" href="#STLCRef.T_If<sub>0</sub>"><span class="id" title="constructor">T_If<sub>0</sub></span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:149" class="idref" href="#Gamma:149"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:150" class="idref" href="#t<sub>1</sub>:150"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:151" class="idref" href="#t<sub>2</sub>:151"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="t<sub>3</sub>:152" class="idref" href="#t<sub>3</sub>:152"><span class="id" title="binder">t<sub>3</sub></span></a> <a id="T<sub>0</sub>:153" class="idref" href="#T<sub>0</sub>:153"><span class="id" title="binder">T<sub>0</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:149"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:150"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:149"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>2</sub>:151"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>0</sub>:153"><span class="id" title="variable">T<sub>0</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:149"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>3</sub>:152"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>0</sub>:153"><span class="id" title="variable">T<sub>0</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:149"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <a class="idref" href="References.html#t<sub>1</sub>:150"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <a class="idref" href="References.html#t<sub>2</sub>:151"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <a class="idref" href="References.html#t<sub>3</sub>:152"><span class="id" title="variable">t<sub>3</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>0</sub>:153"><span class="id" title="variable">T<sub>0</sub></span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Unit" class="idref" href="#STLCRef.T_Unit"><span class="id" title="constructor">T_Unit</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:154" class="idref" href="#Gamma:154"><span class="id" title="binder">Gamma</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:154"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Loc" class="idref" href="#STLCRef.T_Loc"><span class="id" title="constructor">T_Loc</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:155" class="idref" href="#Gamma:155"><span class="id" title="binder">Gamma</span></a> <a id="l:156" class="idref" href="#l:156"><span class="id" title="binder">l</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#l:156"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:155"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> <a class="idref" href="References.html#l:156"><span class="id" title="variable">l</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <a class="idref" href="References.html#l:156"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" 
title="notation">}</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Ref" class="idref" href="#STLCRef.T_Ref"><span class="id" title="constructor">T_Ref</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:157" class="idref" href="#Gamma:157"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:158" class="idref" href="#t<sub>1</sub>:158"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="T<sub>1</sub>:159" class="idref" href="#T<sub>1</sub>:159"><span class="id" title="binder">T<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:157"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:158"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>1</sub>:159"><span class="id" title="variable">T<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:157"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <a class="idref" href="References.html#t<sub>1</sub>:158"><span class="id" title="variable">t<sub>1</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <a class="idref" href="References.html#T<sub>1</sub>:159"><span class="id" title="variable">T<sub>1</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Deref" class="idref" href="#STLCRef.T_Deref"><span class="id" title="constructor">T_Deref</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:160" class="idref" href="#Gamma:160"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:161" class="idref" href="#t<sub>1</sub>:161"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="T<sub>1</sub>:162" class="idref" href="#T<sub>1</sub>:162"><span class="id" title="binder">T<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:160"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:161"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <a class="idref" href="References.html#T<sub>1</sub>:162"><span class="id" title="variable">T<sub>1</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:160"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#t<sub>1</sub>:161"><span class="id" title="variable">t<sub>1</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>1</sub>:162"><span class="id" title="variable">T<sub>1</sub></span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.T_Assign" class="idref" href="#STLCRef.T_Assign"><span class="id" title="constructor">T_Assign</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:163" class="idref" href="#Gamma:163"><span class="id" title="binder">Gamma</span></a> <a id="t<sub>1</sub>:164" class="idref" href="#t<sub>1</sub>:164"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="t<sub>2</sub>:165" class="idref" href="#t<sub>2</sub>:165"><span class="id" title="binder">t<sub>2</sub></span></a> <a id="T<sub>2</sub>:166" class="idref" href="#T<sub>2</sub>:166"><span class="id" title="binder">T<sub>2</sub></span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:163"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:164"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <a class="idref" href="References.html#T<sub>2</sub>:166"><span class="id" title="variable">T<sub>2</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:163"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>2</sub>:165"><span class="id" title="variable">t<sub>2</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>2</sub>:166"><span class="id" title="variable">T<sub>2</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:163"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:124"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#t<sub>1</sub>:164"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#t<sub>2</sub>:165"><span class="id" title="variable">t<sub>2</sub></span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a><br/>
<br/>
<span class="id" title="keyword">where</span> <a id="ad9380196222cb7b7aaff08f043e41e<sub>2</sub>" class="idref" href="#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&quot;</span></a>Gamma ';' ST '&#x22A2;' t '&#x2208;' T" := (<a class="idref" href="References.html#has_type:126"><span class="id" title="inductive">has_type</span></a> <span class="id" title="var">ST</span> <span class="id" title="var">Gamma</span> <span class="id" title="var">t</span> <span class="id" title="var">T</span>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Hint Constructors</span> <a class="idref" href="References.html#has_type"><span class="id" title="inductive">has_type</span></a> : <span class="id" title="var">core</span>.<br/>
</div>

<div class="doc">
Of course, these typing rules will accurately predict the results
    of reduction only if the concrete store used during reduction
    actually conforms to the store typing that we assume for purposes
    of typechecking.  This proviso exactly parallels the situation
    with free variables in the basic STLC: the substitution lemma
    promises that, if <span class="inlinecode"><span class="id" title="var">Gamma</span></span> <span class="inlinecode">&#x22A2;</span> <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode">:</span> <span class="inlinecode"><span class="id" title="var">T</span></span>, then we can replace the free
    variables in <span class="inlinecode"><span class="id" title="var">t</span></span> with values of the types listed in <span class="inlinecode"><span class="id" title="var">Gamma</span></span> to
    obtain a closed term of type <span class="inlinecode"><span class="id" title="var">T</span></span>, which, by the type preservation
    theorem, will reduce to a final result of type <span class="inlinecode"><span class="id" title="var">T</span></span> if it yields
    any result at all.  We will see below how to formalize an
    analogous intuition for stores and store typings.

<div class="paragraph"> </div>

    However, for purposes of typechecking the terms that programmers
    actually write, we do not need to do anything tricky to guess what
    store typing we should use.  Concrete locations arise only in
    terms that are the intermediate results of reduction; they are
    not in the language that programmers write.  Thus, we can simply
    typecheck the programmer's terms with respect to the <i>empty</i> store
    typing.  As reduction proceeds and new locations are created, we
    will always be able to see how to extend the store typing by
    looking at the type of the initial values being placed in newly
    allocated cells; this intuition is formalized in the statement of
    the type preservation theorem below.  
</div>

<div class="doc">
<a id="lab406"></a><h1 class="section">Properties</h1>

<div class="paragraph"> </div>

 Our final task is to check that standard type safety
    properties continue to hold for the STLC with references.  The
    progress theorem ("well-typed terms are not stuck") can be stated
    and proved almost as for the STLC; we just need to add a few
    straightforward cases to the proof to deal with the new
    constructs.  The preservation theorem is a bit more interesting,
    so let's look at it first.  
</div>

<div class="doc">
<a id="lab407"></a><h2 class="section">Well-Typed Stores</h2>

<div class="paragraph"> </div>

 Since we have extended both the reduction relation (with
    initial and final stores) and the typing relation (with a store
    typing), we need to change the statement of preservation to
    include these parameters.  But clearly we cannot just add stores
    and store typings without saying anything about how they are
    related -- i.e., this is wrong: 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="STLCRef.preservation_wrong1" class="idref" href="#STLCRef.preservation_wrong1"><span class="id" title="lemma">preservation_wrong1</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:167" class="idref" href="#ST:167"><span class="id" title="binder">ST</span></a> <a id="T:168" class="idref" href="#T:168"><span class="id" title="binder">T</span></a> <a id="t:169" class="idref" href="#t:169"><span class="id" title="binder">t</span></a> <a id="st:170" class="idref" href="#st:170"><span class="id" title="binder">st</span></a> <a id="t':171" class="idref" href="#t':171"><span class="id" title="binder">t'</span></a> <a id="st':172" class="idref" href="#st':172"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:167"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:169"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:168"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#t:169"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:170"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t':171"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':172"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:167"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t':171"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:168"><span class="id" title="variable">T</span></a>.<br/>
<span class="id" title="keyword">Abort</span>.<br/>
</div>

<div class="doc">
If we typecheck with respect to some set of assumptions about the
    types of the values in the store and then reduce with respect to
    a store that violates these assumptions, the result will be
    disaster.  We say that a store <span class="inlinecode"><span class="id" title="var">st</span></span> is <i>well typed</i> with respect to a
    store typing <span class="inlinecode"><span class="id" title="var">ST</span></span> if the term at each location <span class="inlinecode"><span class="id" title="var">l</span></span> in <span class="inlinecode"><span class="id" title="var">st</span></span> has the
    type at location <span class="inlinecode"><span class="id" title="var">l</span></span> in <span class="inlinecode"><span class="id" title="var">ST</span></span>.  Since only closed terms ever get
    stored in locations (why?), it suffices to type them in the empty
    context. The following definition of <span class="inlinecode"><span class="id" title="var">store_well_typed</span></span> formalizes
    this.  
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.store_well_typed" class="idref" href="#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> (<a id="ST:173" class="idref" href="#ST:173"><span class="id" title="binder">ST</span></a>:<a class="idref" href="References.html#STLCRef.store_ty"><span class="id" title="definition">store_ty</span></a>) (<a id="st:174" class="idref" href="#st:174"><span class="id" title="binder">st</span></a>:<a class="idref" href="References.html#STLCRef.store"><span class="id" title="definition">store</span></a>) :=<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#ST:173"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:174"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">(</span></a><span class="id" title="keyword">∀</span> <a id="l:175" class="idref" href="#l:175"><span class="id" title="binder">l</span></a>, <a class="idref" href="References.html#l:175"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:174"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="definition">empty</span><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:173"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a> <a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a> <a class="idref" href="References.html#l:175"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#st:174"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <a class="idref" href="References.html#l:175"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#ST:173"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">)</span></a>.<br/>
</div>

<div class="doc">
Informally, we will write <span class="inlinecode"><span class="id" title="var">ST</span></span> <span class="inlinecode">&#x22A2;</span> <span class="inlinecode"><span class="id" title="var">st</span></span> for <span class="inlinecode"><span class="id" title="var">store_well_typed</span></span> <span class="inlinecode"><span class="id" title="var">ST</span></span> <span class="inlinecode"><span class="id" title="var">st</span></span>. 
<div class="paragraph"> </div>

 Intuitively, a store <span class="inlinecode"><span class="id" title="var">st</span></span> is consistent with a store typing
    <span class="inlinecode"><span class="id" title="var">ST</span></span> if every value in the store has the type predicted by the
    store typing.  The only subtle point is the fact that, when
    typing the values in the store, we supply the very same store
    typing to the typing relation.  This allows us to type circular
    stores like the one we saw above. 
<div class="paragraph"> </div>

<a id="lab408"></a><h4 class="section">Exercise: 2 stars, standard (store_not_unique)</h4>
 Can you find a store <span class="inlinecode"><span class="id" title="var">st</span></span>, and two
    different store typings <span class="inlinecode"><span class="id" title="var">ST<sub>1</sub></span></span> and <span class="inlinecode"><span class="id" title="var">ST<sub>2</sub></span></span> such that both
    <span class="inlinecode"><span class="id" title="var">ST<sub>1</sub></span></span> <span class="inlinecode">&#x22A2;</span> <span class="inlinecode"><span class="id" title="var">st</span></span> and <span class="inlinecode"><span class="id" title="var">ST<sub>2</sub></span></span> <span class="inlinecode">&#x22A2;</span> <span class="inlinecode"><span class="id" title="var">st</span></span>? 
</div>
<div class="code">

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.manual_grade_for_store_not_unique" class="idref" href="#STLCRef.manual_grade_for_store_not_unique"><span class="id" title="definition">manual_grade_for_store_not_unique</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>

<div class="doc"> 
<div class="paragraph"> </div>

 We can now state something closer to the desired preservation
    property: 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="STLCRef.preservation_wrong2" class="idref" href="#STLCRef.preservation_wrong2"><span class="id" title="lemma">preservation_wrong2</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:176" class="idref" href="#ST:176"><span class="id" title="binder">ST</span></a> <a id="T:177" class="idref" href="#T:177"><span class="id" title="binder">T</span></a> <a id="t:178" class="idref" href="#t:178"><span class="id" title="binder">t</span></a> <a id="st:179" class="idref" href="#st:179"><span class="id" title="binder">st</span></a> <a id="t':180" class="idref" href="#t':180"><span class="id" title="binder">t'</span></a> <a id="st':181" class="idref" href="#st':181"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:176"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:178"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:177"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#t:178"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:179"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t':180"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':181"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:176"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#st:179"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:176"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t':180"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:177"><span class="id" title="variable">T</span></a>.<br/>
<span class="id" title="keyword">Abort</span>.<br/>
</div>

<div class="doc">
This statement is fine for all of the reduction rules except
    the allocation rule <span class="inlinecode"><span class="id" title="var">ST_RefValue</span></span>.  The problem is that this rule
    yields a store with a larger domain than the initial store, which
    falsifies the conclusion of the above statement: if <span class="inlinecode"><span class="id" title="var">st'</span></span> includes
    a binding for a fresh location <span class="inlinecode"><span class="id" title="var">l</span></span>, then <span class="inlinecode"><span class="id" title="var">l</span></span> cannot be in the
    domain of <span class="inlinecode"><span class="id" title="var">ST</span></span>, and it will not be the case that <span class="inlinecode"><span class="id" title="var">t'</span></span> (which
    definitely mentions <span class="inlinecode"><span class="id" title="var">l</span></span>) is typable under <span class="inlinecode"><span class="id" title="var">ST</span></span>. 
</div>

<div class="doc">
<a id="lab409"></a><h2 class="section">Extending Store Typings</h2>

<div class="paragraph"> </div>

 Evidently, since the store can increase in size during reduction,
    we need to allow the store typing to grow as well.  This motivates
    the following definition.  We say that the store type <span class="inlinecode"><span class="id" title="var">ST'</span></span>
    <i>extends</i> <span class="inlinecode"><span class="id" title="var">ST</span></span> if <span class="inlinecode"><span class="id" title="var">ST'</span></span> is just <span class="inlinecode"><span class="id" title="var">ST</span></span> with some new types added to
    the end. 
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="STLCRef.extends" class="idref" href="#STLCRef.extends"><span class="id" title="inductive">extends</span></a> : <a class="idref" href="References.html#STLCRef.store_ty"><span class="id" title="definition">store_ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.store_ty"><span class="id" title="definition">store_ty</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="STLCRef.extends_nil" class="idref" href="#STLCRef.extends_nil"><span class="id" title="constructor">extends_nil</span></a>  : <span class="id" title="keyword">∀</span> <a id="ST':184" class="idref" href="#ST':184"><span class="id" title="binder">ST'</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#extends:182"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':184"><span class="id" title="variable">ST'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.extends_cons" class="idref" href="#STLCRef.extends_cons"><span class="id" title="constructor">extends_cons</span></a> : <span class="id" title="keyword">∀</span> <a id="x:185" class="idref" href="#x:185"><span class="id" title="binder">x</span></a> <a id="ST':186" class="idref" href="#ST':186"><span class="id" title="binder">ST'</span></a> <a id="ST:187" class="idref" href="#ST:187"><span class="id" title="binder">ST</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#extends:182"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':186"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ST:187"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#extends:182"><span class="id" title="inductive">extends</span></a> (<a class="idref" href="References.html#x:185"><span class="id" title="variable">x</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="References.html#ST':186"><span class="id" title="variable">ST'</span></a>) (<a class="idref" href="References.html#x:185"><span class="id" title="variable">x</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="References.html#ST:187"><span class="id" title="variable">ST</span></a>).<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Hint Constructors</span> <a class="idref" href="References.html#extends"><span class="id" title="inductive">extends</span></a> : <span class="id" title="var">core</span>.<br/>
</div>

<div class="doc">
We'll need a few technical lemmas about extended store typings.

<div class="paragraph"> </div>

    First, looking up a type in an extended store typing yields the
    same result as in the original: 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.extends_lookup" class="idref" href="#STLCRef.extends_lookup"><span class="id" title="lemma">extends_lookup</span></a> : <span class="id" title="keyword">∀</span> <a id="l:188" class="idref" href="#l:188"><span class="id" title="binder">l</span></a> <a id="ST:189" class="idref" href="#ST:189"><span class="id" title="binder">ST</span></a> <a id="ST':190" class="idref" href="#ST':190"><span class="id" title="binder">ST'</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#l:188"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#ST:189"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':190"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ST:189"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <a class="idref" href="References.html#l:188"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#ST':190"><span class="id" title="variable">ST'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <a class="idref" href="References.html#l:188"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#ST:189"><span class="id" title="variable">ST</span></a>.<br/>
<div class="togglescript" id="proofcontrol5" onclick="toggleDisplay('proof5');toggleDisplay('proofcontrol5')"><span class="show"></span></div>
<div class="proofscript" id="proof5" onclick="toggleDisplay('proof5');toggleDisplay('proofcontrol5')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">l</span> <span class="id" title="var">ST</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">l</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">ST</span> <span class="id" title="keyword">as</span> [|<span class="id" title="var">a</span> <span class="id" title="var">ST<sub>2</sub></span>]; <span class="id" title="tactic">intros</span> <span class="id" title="var">l</span> <span class="id" title="var">ST'</span> <span class="id" title="var">Hlen</span> <span class="id" title="var">HST'</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;nil&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">Hlen</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;cons&nbsp;*)</span> <span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <span class="id" title="keyword">in</span> ×.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">ST'</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST'&nbsp;=&nbsp;nil&nbsp;*)</span> <span class="id" title="tactic">inversion</span> <span class="id" title="var">HST'</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST'&nbsp;=&nbsp;a'&nbsp;::&nbsp;ST'2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">HST'</span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">l</span> <span class="id" title="keyword">as</span> [|<span class="id" title="var">l'</span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;l&nbsp;=&nbsp;0&nbsp;*)</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;l&nbsp;=&nbsp;S&nbsp;l'&nbsp;*)</span> <span class="id" title="tactic">simpl</span>. <span class="id" title="tactic">apply</span> <span class="id" title="var">IHST2</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">simpl</span> <span class="id" title="keyword">in</span> <span class="id" title="var">Hlen</span>; <span class="id" title="var">lia</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
Next, if <span class="inlinecode"><span class="id" title="var">ST'</span></span> extends <span class="inlinecode"><span class="id" title="var">ST</span></span>, the length of <span class="inlinecode"><span class="id" title="var">ST'</span></span> is at least that
    of <span class="inlinecode"><span class="id" title="var">ST</span></span>. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.length_extends" class="idref" href="#STLCRef.length_extends"><span class="id" title="lemma">length_extends</span></a> : <span class="id" title="keyword">∀</span> <a id="l:191" class="idref" href="#l:191"><span class="id" title="binder">l</span></a> <a id="ST:192" class="idref" href="#ST:192"><span class="id" title="binder">ST</span></a> <a id="ST':193" class="idref" href="#ST':193"><span class="id" title="binder">ST'</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#l:191"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#ST:192"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':193"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ST:192"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#l:191"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#ST':193"><span class="id" title="variable">ST'</span></a>.<br/>
<div class="togglescript" id="proofcontrol6" onclick="toggleDisplay('proof6');toggleDisplay('proofcontrol6')"><span class="show"></span></div>
<div class="proofscript" id="proof6" onclick="toggleDisplay('proof6');toggleDisplay('proofcontrol6')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span>. <span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">l</span>. <span class="id" title="tactic">induction</span> <span class="id" title="var">H<sub>0</sub></span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">l</span> <span class="id" title="var">Hlen</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;- <span class="id" title="tactic">inversion</span> <span class="id" title="var">Hlen</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;- <span class="id" title="tactic">simpl</span> <span class="id" title="keyword">in</span> ×.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">l</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">lia</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Lt.html#lt_n_S"><span class="id" title="lemma">lt_n_S</span></a>. <span class="id" title="tactic">apply</span> <span class="id" title="var">IHextends</span>. <span class="id" title="var">lia</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
Finally, <span class="inlinecode"><span class="id" title="var">ST</span></span> <span class="inlinecode">++</span> <span class="inlinecode"><span class="id" title="var">T</span></span> extends <span class="inlinecode"><span class="id" title="var">ST</span></span>, and <span class="inlinecode"><span class="id" title="var">extends</span></span> is reflexive. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.extends_app" class="idref" href="#STLCRef.extends_app"><span class="id" title="lemma">extends_app</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:194" class="idref" href="#ST:194"><span class="id" title="binder">ST</span></a> <a id="T:195" class="idref" href="#T:195"><span class="id" title="binder">T</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> (<a class="idref" href="References.html#ST:194"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <a class="idref" href="References.html#T:195"><span class="id" title="variable">T</span></a>) <a class="idref" href="References.html#ST:194"><span class="id" title="variable">ST</span></a>.<br/>
<div class="togglescript" id="proofcontrol7" onclick="toggleDisplay('proof7');toggleDisplay('proofcontrol7')"><span class="show"></span></div>
<div class="proofscript" id="proof7" onclick="toggleDisplay('proof7');toggleDisplay('proofcontrol7')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">ST</span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">T</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">simpl</span>. <span class="id" title="tactic">auto</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<br/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.extends_refl" class="idref" href="#STLCRef.extends_refl"><span class="id" title="lemma">extends_refl</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:196" class="idref" href="#ST:196"><span class="id" title="binder">ST</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST:196"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ST:196"><span class="id" title="variable">ST</span></a>.<br/>
<div class="togglescript" id="proofcontrol8" onclick="toggleDisplay('proof8');toggleDisplay('proofcontrol8')"><span class="show"></span></div>
<div class="proofscript" id="proof8" onclick="toggleDisplay('proof8');toggleDisplay('proofcontrol8')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">ST</span>; <span class="id" title="tactic">auto</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>
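<div class="doc">
 The following is an added example, not code from the chapter's <span class="inlinecode">References.v</span>: it assumes the definitions above (<span class="inlinecode"><span class="id" title="var">ty</span></span>, <span class="inlinecode"><span class="id" title="var">extends</span></span>, <span class="inlinecode"><span class="id" title="var">store_Tlookup</span></span>, the lemmas <span class="inlinecode"><span class="id" title="var">extends_lookup</span></span>, <span class="inlinecode"><span class="id" title="var">length_extends</span></span> and <span class="inlinecode"><span class="id" title="var">extends_app</span></span>, and the <span class="inlinecode"><span class="id" title="var">core</span></span> hint) are in scope inside the same module.  It shows that <span class="inlinecode"><span class="id" title="var">extends</span></span> is transitive (so the per-step extensions produced by preservation chain into one), that appending newly allocated cell types never changes the type of an existing location, and a positive and a negative concrete instance of the relation.
</div>

```coq
(* Added example; not part of the chapter.  Assumes the chapter's
   [ty], [store_ty], [extends], [store_Tlookup], [extends_lookup],
   [length_extends], [extends_app] and the [core] hint for [extends]. *)

(* Extension is transitive: chaining the store-typing extensions
   produced by successive reduction steps yields a single extension
   of the initial store typing. *)
Lemma extends_trans : forall ST1 ST2 ST3,
  extends ST3 ST2 ->
  extends ST2 ST1 ->
  extends ST3 ST1.
Proof.
  intros ST1 ST2 ST3 H32 H21.
  generalize dependent ST3.
  induction H21 as [ST2' | x ST2' ST1' H21' IH]; intros ST3 H32.
  - (* ST1 = nil: anything extends the empty store typing *)
    apply extends_nil.
  - (* ST1 = x :: ST1', ST2 = x :: ST2': ST3 must start with x too *)
    inversion H32; subst.
    apply extends_cons. apply IH. assumption.
Qed.

(* Allocation appends the new cell's type to the store typing; every
   location that was already valid keeps exactly the type it had.
   This is [extends_lookup] specialised via [extends_app]. *)
Lemma lookup_app_old : forall l ST Tnew,
  l < length ST ->
  store_Tlookup l (ST ++ Tnew) = store_Tlookup l ST.
Proof.
  intros l ST Tnew Hl.
  apply extends_lookup.
  - assumption.
  - apply extends_app.
Qed.

(* A concrete positive instance: adding a type at the end is an
   extension; [auto] finds the two [extends_cons] and the final
   [extends_nil] using the registered hints. *)
Example extends_three_two : forall (T1 T2 T3 : ty),
  extends (T1 :: T2 :: T3 :: nil) (T1 :: T2 :: nil).
Proof. auto. Qed.

(* A concrete negative instance: a store typing can never "extend" a
   longer one, since [length_extends] would force 1 < 1. *)
Example not_extends_shorter : forall (T1 T2 : ty),
  ~ extends (T1 :: nil) (T2 :: T1 :: nil).
Proof.
  intros T1 T2 H.
  assert (Hlt : 1 < length (T1 :: nil)).
  { apply (length_extends 1 (T2 :: T1 :: nil) (T1 :: nil)).
    - simpl. lia.
    - exact H. }
  simpl in Hlt. lia.
Qed.
```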

<div class="doc">
<a id="lab410"></a><h2 class="section">Preservation, Finally</h2>

<div class="paragraph"> </div>

 We can now give the final, correct statement of the type
    preservation property: 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.preservation_theorem" class="idref" href="#STLCRef.preservation_theorem"><span class="id" title="definition">preservation_theorem</span></a> := <span class="id" title="keyword">∀</span> <a id="ST:197" class="idref" href="#ST:197"><span class="id" title="binder">ST</span></a> <a id="t:198" class="idref" href="#t:198"><span class="id" title="binder">t</span></a> <a id="t':199" class="idref" href="#t':199"><span class="id" title="binder">t'</span></a> <a id="T:200" class="idref" href="#T:200"><span class="id" title="binder">T</span></a> <a id="st:201" class="idref" href="#st:201"><span class="id" title="binder">st</span></a> <a id="st':202" class="idref" href="#st':202"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:197"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:198"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:200"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:197"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#st:201"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#t:198"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:201"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t':199"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':202"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="ST':203" class="idref" href="#ST':203"><span class="id" title="binder">ST'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':203"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ST:197"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST':203"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t':199"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:200"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST':203"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#st':202"><span class="id" title="variable">st'</span></a>.<br/>
</div>

<div class="doc">
Note that the preservation theorem merely asserts that there is
    <i>some</i> store typing <span class="inlinecode"><span class="id" title="var">ST'</span></span> extending <span class="inlinecode"><span class="id" title="var">ST</span></span> (i.e., agreeing with <span class="inlinecode"><span class="id" title="var">ST</span></span>
    on the values of all the old locations) such that the new term
    <span class="inlinecode"><span class="id" title="var">t'</span></span> is well typed with respect to <span class="inlinecode"><span class="id" title="var">ST'</span></span>; it does not tell us
    exactly what <span class="inlinecode"><span class="id" title="var">ST'</span></span> is.  It is intuitively clear, of course, that
    <span class="inlinecode"><span class="id" title="var">ST'</span></span> is either <span class="inlinecode"><span class="id" title="var">ST</span></span> or else exactly <span class="inlinecode"><span class="id" title="var">ST</span></span> <span class="inlinecode">++</span> <span class="inlinecode"><span class="id" title="var">T<sub>1</sub></span>::<span class="id" title="var">nil</span></span>, where
    <span class="inlinecode"><span class="id" title="var">T<sub>1</sub></span></span> is the type of the value <span class="inlinecode"><span class="id" title="var">v<sub>1</sub></span></span> in the extended store <span class="inlinecode"><span class="id" title="var">st</span></span> <span class="inlinecode">++</span>
    <span class="inlinecode"><span class="id" title="var">v<sub>1</sub></span>::<span class="id" title="var">nil</span></span>, but stating this explicitly would complicate the statement of
    the theorem without actually making it any more useful: the weaker
    version above is already in the right form (because its conclusion
    implies its hypothesis) to "turn the crank" repeatedly and
    conclude that every <i>sequence</i> of reduction steps preserves
    well-typedness.  Combining this with the progress property, we
    obtain the usual guarantee that "well-typed programs never go
    wrong."

<div class="paragraph"> </div>

    In order to prove this, we'll need a few lemmas, as usual. 
</div>

<div class="doc">
<a id="lab411"></a><h2 class="section">Substitution Lemma</h2>

<div class="paragraph"> </div>

 First, we need an easy extension of the standard substitution
    lemma, along with the same machinery about context invariance that
    we used in the proof of the substitution lemma for the STLC. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.weakening" class="idref" href="#STLCRef.weakening"><span class="id" title="lemma">weakening</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:204" class="idref" href="#Gamma:204"><span class="id" title="binder">Gamma</span></a> <a id="Gamma':205" class="idref" href="#Gamma':205"><span class="id" title="binder">Gamma'</span></a> <a id="ST:206" class="idref" href="#ST:206"><span class="id" title="binder">ST</span></a> <a id="t:207" class="idref" href="#t:207"><span class="id" title="binder">t</span></a> <a id="T:208" class="idref" href="#T:208"><span class="id" title="binder">T</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="definition">inclusion</span> <a class="idref" href="References.html#Gamma:204"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#Gamma':205"><span class="id" title="variable">Gamma'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:204"><span class="id" title="variable">Gamma</span></a>  <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:206"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:207"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:208"><span class="id" title="variable">T</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma':205"><span class="id" title="variable">Gamma'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:206"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:207"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:208"><span class="id" title="variable">T</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">Gamma</span> <span class="id" title="var">Gamma'</span> <span class="id" title="var">ST</span> <span class="id" title="var">t</span> <span class="id" title="var">T</span> <span class="id" title="var">H</span> <span class="id" title="var">Ht</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">Gamma'</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">Ht</span>; <span class="id" title="tactic">eauto</span> <span class="id" title="keyword">using</span> <span class="id" title="lemma">inclusion_update</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.weakening_empty" class="idref" href="#STLCRef.weakening_empty"><span class="id" title="lemma">weakening_empty</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:209" class="idref" href="#Gamma:209"><span class="id" title="binder">Gamma</span></a> <a id="ST:210" class="idref" href="#ST:210"><span class="id" title="binder">ST</span></a> <a id="t:211" class="idref" href="#t:211"><span class="id" title="binder">t</span></a> <a id="T:212" class="idref" href="#T:212"><span class="id" title="binder">T</span></a>,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:210"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:211"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:212"><span class="id" title="variable">T</span></a>  <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:209"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:210"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:211"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:212"><span class="id" title="variable">T</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">Gamma</span> <span class="id" title="var">ST</span> <span class="id" title="var">t</span> <span class="id" title="var">T</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.weakening"><span class="id" title="lemma">weakening</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">discriminate</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.substitution_preserves_typing" class="idref" href="#STLCRef.substitution_preserves_typing"><span class="id" title="lemma">substitution_preserves_typing</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:213" class="idref" href="#Gamma:213"><span class="id" title="binder">Gamma</span></a> <a id="ST:214" class="idref" href="#ST:214"><span class="id" title="binder">ST</span></a> <a id="x:215" class="idref" href="#x:215"><span class="id" title="binder">x</span></a> <a id="U:216" class="idref" href="#U:216"><span class="id" title="binder">U</span></a> <a id="t:217" class="idref" href="#t:217"><span class="id" title="binder">t</span></a> <a id="v:218" class="idref" href="#v:218"><span class="id" title="binder">v</span></a> <a id="T:219" class="idref" href="#T:219"><span class="id" title="binder">T</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">(</span></a><span class="id" title="definition">update</span> <a class="idref" href="References.html#Gamma:213"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#x:215"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#U:216"><span class="id" title="variable">U</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">);</span></a> <a class="idref" href="References.html#ST:214"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:217"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:219"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:214"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#v:218"><span class="id" title="variable">v</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#U:216"><span class="id" title="variable">U</span></a>   <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:213"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:214"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#x:215"><span class="id" title="variable">x</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a><a class="idref" href="References.html#v:218"><span class="id" title="variable">v</span></a><a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">]</span></a><a class="idref" href="References.html#t:217"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:219"><span class="id" title="variable">T</span></a>.<br/>
<div class="togglescript" id="proofcontrol9" onclick="toggleDisplay('proof9');toggleDisplay('proofcontrol9')"><span class="show"></span></div>
<div class="proofscript" id="proof9" onclick="toggleDisplay('proof9');toggleDisplay('proofcontrol9')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">Gamma</span> <span class="id" title="var">ST</span> <span class="id" title="var">x</span> <span class="id" title="var">U</span> <span class="id" title="var">t</span> <span class="id" title="var">v</span> <span class="id" title="var">T</span> <span class="id" title="var">Ht</span> <span class="id" title="var">Hv</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">Gamma</span>. <span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">T</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">t</span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">T</span> <span class="id" title="var">Gamma</span> <span class="id" title="var">H</span>;<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;in&nbsp;each&nbsp;case,&nbsp;we'll&nbsp;want&nbsp;to&nbsp;get&nbsp;at&nbsp;the&nbsp;derivation&nbsp;of&nbsp;H&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">H</span>; <span class="id" title="tactic">clear</span> <span class="id" title="var">H</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">simpl</span>; <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;var&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rename</span> <span class="id" title="var">s</span> <span class="id" title="var">into</span> <span class="id" title="var">y</span>. <span class="id" title="tactic">destruct</span> (<span class="id" title="axiom">eqb_stringP</span> <span class="id" title="var">x</span> <span class="id" title="var">y</span>); <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;x=y&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_eq</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>2</sub></span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">injection</span> <span class="id" title="var">H<sub>2</sub></span> <span class="id" title="keyword">as</span> <span class="id" title="var">H<sub>2</sub></span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.weakening_empty"><span class="id" title="lemma">weakening_empty</span></a>. <span class="id" title="tactic">assumption</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;x&lt;&gt;y&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.T_Var"><span class="id" title="constructor">T_Var</span></a>. <span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_neq</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>2</sub></span>; <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;abs&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rename</span> <span class="id" title="var">s</span> <span class="id" title="var">into</span> <span class="id" title="var">y</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> (<span class="id" title="axiom">eqb_stringP</span> <span class="id" title="var">x</span> <span class="id" title="var">y</span>); <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.T_Abs"><span class="id" title="constructor">T_Abs</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;x=y&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_shadow</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>5</sub></span>. <span class="id" title="tactic">assumption</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;x&lt;&gt;y&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">IHt</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_permute</span>; <span class="id" title="tactic">auto</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab412"></a><h2 class="section">Assignment Preserves Store Typing</h2>

<div class="paragraph"> </div>

 Next, we must show that replacing the contents of a cell in the
    store with a new value of appropriate type does not change the
    overall type of the store.  (This is needed for the <span class="inlinecode"><span class="id" title="var">ST_Assign</span></span>
    rule.) 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.assign_pres_store_typing" class="idref" href="#STLCRef.assign_pres_store_typing"><span class="id" title="lemma">assign_pres_store_typing</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:220" class="idref" href="#ST:220"><span class="id" title="binder">ST</span></a> <a id="st:221" class="idref" href="#st:221"><span class="id" title="binder">st</span></a> <a id="l:222" class="idref" href="#l:222"><span class="id" title="binder">l</span></a> <a id="t:223" class="idref" href="#t:223"><span class="id" title="binder">t</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#l:222"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Peano.html#::nat_scope:x_'&lt;'_x"><span class="id" title="notation">&lt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#st:221"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:220"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#st:221"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:220"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:223"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <a class="idref" href="References.html#l:222"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#ST:220"><span class="id" title="variable">ST</span></a><a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:220"><span class="id" title="variable">ST</span></a> (<a class="idref" href="References.html#STLCRef.replace"><span class="id" title="definition">replace</span></a> <a class="idref" href="References.html#l:222"><span class="id" title="variable">l</span></a> <a class="idref" href="References.html#t:223"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#st:221"><span class="id" title="variable">st</span></a>).<br/>
<div class="togglescript" id="proofcontrol10" onclick="toggleDisplay('proof10');toggleDisplay('proofcontrol10')"><span class="show"></span></div>
<div class="proofscript" id="proof10" onclick="toggleDisplay('proof10');toggleDisplay('proofcontrol10')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">ST</span> <span class="id" title="var">st</span> <span class="id" title="var">l</span> <span class="id" title="var">t</span> <span class="id" title="var">Hlen</span> <span class="id" title="var">HST</span> <span class="id" title="var">Ht</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">HST</span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">split</span>. <span class="id" title="tactic">rewrite</span> <a class="idref" href="References.html#STLCRef.length_replace"><span class="id" title="lemma">length_replace</span></a>...<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">l'</span> <span class="id" title="var">Hl'</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> (<span class="id" title="var">l'</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#ad2ec4e405f68c46c0a176e3e94ae2e<sub>3</sub>"><span class="id" title="notation">=?</span></a> <span class="id" title="var">l</span>) <span class="id" title="var">eqn</span>: <span class="id" title="var">Heqll'</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;l'&nbsp;=&nbsp;l&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.PeanoNat.html#Nat.eqb_eq"><span class="id" title="lemma">eqb_eq</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Heqll'</span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="References.html#STLCRef.lookup_replace_eq"><span class="id" title="lemma">lookup_replace_eq</span></a>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;l'&nbsp;&lt;&gt;&nbsp;l&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.PeanoNat.html#Nat.eqb_neq"><span class="id" title="lemma">eqb_neq</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Heqll'</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="References.html#STLCRef.lookup_replace_neq"><span class="id" title="lemma">lookup_replace_neq</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="References.html#STLCRef.length_replace"><span class="id" title="lemma">length_replace</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Hl'</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab413"></a><h2 class="section">Weakening for Stores</h2>

<div class="paragraph"> </div>

 Finally, we need a lemma on store typings, stating that, if a
    store typing is extended with a new location, the extended one
    still allows us to assign the same types to the same terms as the
    original.

<div class="paragraph"> </div>

    (The lemma is called <span class="inlinecode"><span class="id" title="var">store_weakening</span></span> because it resembles the
    "weakening" lemmas found in proof theory, which show that adding a
    new assumption to some logical theory does not decrease the set of
    provable theorems.) 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.store_weakening" class="idref" href="#STLCRef.store_weakening"><span class="id" title="lemma">store_weakening</span></a> : <span class="id" title="keyword">∀</span> <a id="Gamma:224" class="idref" href="#Gamma:224"><span class="id" title="binder">Gamma</span></a> <a id="ST:225" class="idref" href="#ST:225"><span class="id" title="binder">ST</span></a> <a id="ST':226" class="idref" href="#ST':226"><span class="id" title="binder">ST'</span></a> <a id="t:227" class="idref" href="#t:227"><span class="id" title="binder">t</span></a> <a id="T:228" class="idref" href="#T:228"><span class="id" title="binder">T</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':226"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ST:225"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:224"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:225"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:227"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:228"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#Gamma:224"><span class="id" title="variable">Gamma</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST':226"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:227"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:228"><span class="id" title="variable">T</span></a>.<br/>
<div class="togglescript" id="proofcontrol11" onclick="toggleDisplay('proof11');toggleDisplay('proofcontrol11')"><span class="show"></span></div>
<div class="proofscript" id="proof11" onclick="toggleDisplay('proof11');toggleDisplay('proofcontrol11')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span>. <span class="id" title="tactic">induction</span> <span class="id" title="var">H<sub>0</sub></span>; <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Loc&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> &lt;- (<a class="idref" href="References.html#STLCRef.extends_lookup"><span class="id" title="lemma">extends_lookup</span></a> <span class="id" title="var">_</span> <span class="id" title="var">_</span> <span class="id" title="var">ST'</span>)...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.T_Loc"><span class="id" title="constructor">T_Loc</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.length_extends"><span class="id" title="lemma">length_extends</span></a>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
We can use the <span class="inlinecode"><span class="id" title="var">store_weakening</span></span> lemma to prove that if a store is
    well typed with respect to a store typing, then the store extended
    with a new term <span class="inlinecode"><span class="id" title="var">t</span></span> will still be well typed with respect to the
    store typing extended with <span class="inlinecode"><span class="id" title="var">t</span></span>'s type. 
</div>
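The same invariants checked at run time rather than proved: an added Python example (not from the book or its STLCRef development) that models stores and store typings as lists over a constructed miniature of the chapter's values and types, and checks <span class="inlinecode">extends</span> and <span class="inlinecode">store_well_typed</span> along an execution trace, including the allocation step that <span class="inlinecode">store_well_typed_app</span> and <span class="inlinecode">nth_eq_last</span> justify in the <span class="inlinecode">ST_RefValue</span> case of preservation.

```python
"""Runtime checker for the store-typing invariants proved in this chapter:
extends, store_well_typed, and the allocation case (store_well_typed_app /
nth_eq_last).  Added example; the miniature value and type encoding is
constructed here and is not the book's STLCRef development."""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union


# --- a tiny subset of the chapter's types and closed values ---------------
@dataclass(frozen=True)
class TNat:
    pass

@dataclass(frozen=True)
class TUnit:
    pass

@dataclass(frozen=True)
class TRef:
    elem: "Ty"

Ty = Union[TNat, TUnit, TRef]

@dataclass(frozen=True)
class VNat:
    n: int

@dataclass(frozen=True)
class VUnit:
    pass

@dataclass(frozen=True)
class VLoc:
    l: int          # an index into the store, as in the chapter

Val = Union[VNat, VUnit, VLoc]
StoreTy = List[Ty]
Store = List[Val]


def type_of(v: Val, ST: StoreTy) -> Optional[Ty]:
    """Type of a closed value under store typing ST.  Mirrors T_Loc: a
    location l is well typed only when l < length ST, and then has type
    Ref (store_Tlookup l ST).  Returns None for an ill-typed value."""
    if isinstance(v, VNat):
        return TNat()
    if isinstance(v, VUnit):
        return TUnit()
    if isinstance(v, VLoc):
        return TRef(ST[v.l]) if v.l < len(ST) else None
    raise TypeError(f"not a value: {v!r}")


def extends(ST_new: StoreTy, ST_old: StoreTy) -> bool:
    """extends ST' ST: ST is a prefix of ST' (store typings only grow)."""
    return ST_new[:len(ST_old)] == ST_old


def store_well_typed(ST: StoreTy, st: Store) -> bool:
    """length ST = length st, and every cell has the type recorded for it."""
    return len(ST) == len(st) and all(type_of(v, ST) == T for v, T in zip(st, ST))


def allocate(ST: StoreTy, st: Store, v: Val) -> Tuple[StoreTy, Store, VLoc]:
    """ST_RefValue: append v to the store and its type to the store typing.
    The fresh location is length st, so nth (length st) (ST ++ [T]) = T,
    which is exactly what nth_eq_last states."""
    T = type_of(v, ST)
    if T is None:
        raise ValueError(f"cannot allocate ill-typed value {v!r}")
    return ST + [T], st + [v], VLoc(len(st))


def assign(ST: StoreTy, st: Store, l: int, v: Val) -> Store:
    """ST_Assign: overwrite cell l.  The store typing does not change, so
    the new value must already have the type ST records for l."""
    if not l < len(ST) or type_of(v, ST) != ST[l]:
        raise ValueError(f"assignment to loc {l} would break store_well_typed")
    return st[:l] + [v] + st[l + 1:]


def first_violation(trace: List[Tuple[StoreTy, Store]]) -> Optional[int]:
    """Check a sequence of (ST, st) states as an observer of the machine would:
    every state must be store_well_typed and every store typing must extend
    the previous one.  Returns the index of the first bad state, or None."""
    prev: Optional[StoreTy] = None
    for i, (ST, st) in enumerate(trace):
        if not store_well_typed(ST, st):
            return i
        if prev is not None and not extends(ST, prev):
            return i
        prev = ST
    return None


def demo() -> Tuple[Optional[int], Optional[int]]:
    """A well-behaved trace, and a constructed bad one in which the store
    grew without the store typing being extended."""
    ST0, st0 = [], []
    ST1, st1, l0 = allocate(ST0, st0, VNat(3))      # l0 = loc 0 : Ref Nat
    ST2, st2, l1 = allocate(ST1, st1, l0)           # l1 = loc 1 : Ref (Ref Nat)
    st3 = assign(ST2, st2, l0.l, VNat(4))           # Nat into a Nat cell: fine
    good = [(ST0, st0), (ST1, st1), (ST2, st2), (ST2, st3)]
    bad = [(ST1, st1), (ST1, st1 + [VUnit()])]      # st ++ [unit] but ST unchanged
    return first_violation(good), first_violation(bad)
```

`demo()` returns `(None, 1)`: the honest trace never violates the invariant, and the bad trace is caught at its second state because `length ST` no longer equals `length st`.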
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.store_well_typed_app" class="idref" href="#STLCRef.store_well_typed_app"><span class="id" title="lemma">store_well_typed_app</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:229" class="idref" href="#ST:229"><span class="id" title="binder">ST</span></a> <a id="st:230" class="idref" href="#st:230"><span class="id" title="binder">st</span></a> <a id="t<sub>1</sub>:231" class="idref" href="#t<sub>1</sub>:231"><span class="id" title="binder">t<sub>1</sub></span></a> <a id="T<sub>1</sub>:232" class="idref" href="#T<sub>1</sub>:232"><span class="id" title="binder">T<sub>1</sub></span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:229"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#st:230"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:229"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t<sub>1</sub>:231"><span class="id" title="variable">t<sub>1</sub></span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T<sub>1</sub>:232"><span class="id" title="variable">T<sub>1</sub></span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> (<a class="idref" href="References.html#ST:229"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <a class="idref" href="References.html#T<sub>1</sub>:232"><span class="id" title="variable">T<sub>1</sub></span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>) (<a class="idref" href="References.html#st:230"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <a class="idref" href="References.html#t<sub>1</sub>:231"><span class="id" title="variable">t<sub>1</sub></span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>).<br/>
<div class="togglescript" id="proofcontrol12" onclick="toggleDisplay('proof12');toggleDisplay('proofcontrol12')"><span class="show"></span></div>
<div class="proofscript" id="proof12" onclick="toggleDisplay('proof12');toggleDisplay('proofcontrol12')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <span class="id" title="keyword">in</span> ×.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Hlen</span> <span class="id" title="var">Hmatch</span>].<br/>
&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#app_length"><span class="id" title="lemma">app_length</span></a>, <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.PeanoNat.html#Nat.add_comm"><span class="id" title="lemma">add_comm</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#app_length"><span class="id" title="lemma">app_length</span></a>, <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.PeanoNat.html#Nat.add_comm"><span class="id" title="lemma">add_comm</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">split</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;types&nbsp;match.&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">l</span> <span class="id" title="var">Hl</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.store_lookup"><span class="id" title="definition">store_lookup</span></a>, <a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Compare_dec.html#le_lt_eq_dec"><span class="id" title="definition">le_lt_eq_dec</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Hl</span>; <span class="id" title="tactic">destruct</span> <span class="id" title="var">Hl</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Hlt</span> | <span class="id" title="var">Heq</span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;l&nbsp;&lt;&nbsp;length&nbsp;st&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Lt.html#lt_S_n"><span class="id" title="lemma">lt_S_n</span></a> <span class="id" title="keyword">in</span> <span class="id" title="var">Hlt</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> !<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#app_nth1"><span class="id" title="lemma">app_nth1</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.store_weakening"><span class="id" title="lemma">store_weakening</span></a> <span class="id" title="keyword">with</span> <span class="id" title="var">ST</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.extends_app"><span class="id" title="lemma">extends_app</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">Hmatch</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="id" title="tactic">rewrite</span> <span class="id" title="var">Hlen</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;l&nbsp;=&nbsp;length&nbsp;st&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">injection</span> <span class="id" title="var">Heq</span> <span class="id" title="keyword">as</span> <span class="id" title="var">Heq</span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#app_nth2"><span class="id" title="lemma">app_nth2</span></a>; <span class="id" title="tactic">try</span> <span class="id" title="var">lia</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> &lt;- <span class="id" title="var">Hlen</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Minus.html#minus_diag"><span class="id" title="abbreviation">minus_diag</span></a>. <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.store_weakening"><span class="id" title="lemma">store_weakening</span></a> <span class="id" title="keyword">with</span> <span class="id" title="var">ST</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.extends_app"><span class="id" title="lemma">extends_app</span></a>. }<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#app_nth2"><span class="id" title="lemma">app_nth2</span></a>; [|<span class="id" title="var">lia</span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.Minus.html#minus_diag"><span class="id" title="abbreviation">minus_diag</span></a>. <span class="id" title="tactic">simpl</span>. <span class="id" title="tactic">assumption</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab414"></a><h2 class="section">Preservation!</h2>

<div class="paragraph"> </div>

 Now that we've got everything set up right, the proof of
    preservation is actually quite straightforward.  
<div class="paragraph"> </div>

 Begin with one technical lemma: 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.nth_eq_last" class="idref" href="#STLCRef.nth_eq_last"><span class="id" title="lemma">nth_eq_last</span></a> : <span class="id" title="keyword">∀</span> <a id="A:233" class="idref" href="#A:233"><span class="id" title="binder">A</span></a> (<a id="l:234" class="idref" href="#l:234"><span class="id" title="binder">l</span></a>:<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#list"><span class="id" title="inductive">list</span></a> <a class="idref" href="References.html#A:233"><span class="id" title="variable">A</span></a>) <a id="x:235" class="idref" href="#x:235"><span class="id" title="binder">x</span></a> <a id="d:236" class="idref" href="#d:236"><span class="id" title="binder">d</span></a>,<br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#nth"><span class="id" title="definition">nth</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <a class="idref" href="References.html#l:234"><span class="id" title="variable">l</span></a>) (<a class="idref" href="References.html#l:234"><span class="id" title="variable">l</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <a class="idref" href="References.html#x:235"><span class="id" title="variable">x</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>) <a class="idref" href="References.html#d:236"><span class="id" title="variable">d</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#6cd0f7b28b6092304087c7049437bb1a"><span class="id" title="notation">=</span></a> <a class="idref" href="References.html#x:235"><span class="id" title="variable">x</span></a>.<br/>
<div class="togglescript" id="proofcontrol13" onclick="toggleDisplay('proof13');toggleDisplay('proofcontrol13')"><span class="show"></span></div>
<div class="proofscript" id="proof13" onclick="toggleDisplay('proof13');toggleDisplay('proofcontrol13')">
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">l</span>; <span class="id" title="tactic">intros</span>; [ <span class="id" title="tactic">auto</span> | <span class="id" title="tactic">simpl</span>; <span class="id" title="tactic">rewrite</span> <span class="id" title="var">IHl</span>; <span class="id" title="tactic">auto</span> ].<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
And here, at last, is the preservation theorem and proof: 
</div>
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="STLCRef.preservation" class="idref" href="#STLCRef.preservation"><span class="id" title="lemma">preservation</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:237" class="idref" href="#ST:237"><span class="id" title="binder">ST</span></a> <a id="t:238" class="idref" href="#t:238"><span class="id" title="binder">t</span></a> <a id="t':239" class="idref" href="#t':239"><span class="id" title="binder">t'</span></a> <a id="T:240" class="idref" href="#T:240"><span class="id" title="binder">T</span></a> <a id="st:241" class="idref" href="#st:241"><span class="id" title="binder">st</span></a> <a id="st':242" class="idref" href="#st':242"><span class="id" title="binder">st'</span></a>,<br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:237"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:238"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:240"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:237"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#st:241"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#t:238"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:241"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t':239"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':242"><span class="id" title="variable">st'</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="ST':243" class="idref" href="#ST':243"><span class="id" title="binder">ST'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.extends"><span class="id" title="inductive">extends</span></a> <a class="idref" href="References.html#ST':243"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ST:237"><span class="id" title="variable">ST</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST':243"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t':239"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:240"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#ba2b0e492d2b4675a0acf3ea92aabadd"><span class="id" title="notation">∧</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST':243"><span class="id" title="variable">ST'</span></a> <a class="idref" href="References.html#st':242"><span class="id" title="variable">st'</span></a>.<br/>
<div class="togglescript" id="proofcontrol14" onclick="toggleDisplay('proof14');toggleDisplay('proofcontrol14')"><span class="show"></span></div>
<div class="proofscript" id="proof14" onclick="toggleDisplay('proof14');toggleDisplay('proofcontrol14')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span> <span class="id" title="keyword">using</span> <a class="idref" href="References.html#STLCRef.store_weakening"><span class="id" title="lemma">store_weakening</span></a>, <a class="idref" href="References.html#STLCRef.extends_refl"><span class="id" title="lemma">extends_refl</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="var">remember</span> <span class="id" title="definition">empty</span> <span class="id" title="keyword">as</span> <span class="id" title="var">Gamma</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">ST</span> <span class="id" title="var">t</span> <span class="id" title="var">t'</span> <span class="id" title="var">T</span> <span class="id" title="var">st</span> <span class="id" title="var">st'</span> <span class="id" title="var">Ht</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">generalize</span> <span class="id" title="tactic">dependent</span> <span class="id" title="var">t'</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">Ht</span>; <span class="id" title="tactic">intros</span> <span class="id" title="var">t'</span> <span class="id" title="var">HST</span> <span class="id" title="var">Hstep</span>;<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">solve_by_invert</span>; <span class="id" title="tactic">inversion</span> <span class="id" title="var">Hstep</span>; <span class="id" title="tactic">subst</span>;<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">try</span> (<span class="id" title="tactic">eauto</span> <span class="id" title="keyword">using</span> <a class="idref" href="References.html#STLCRef.store_weakening"><span class="id" title="lemma">store_weakening</span></a>, <a class="idref" href="References.html#STLCRef.extends_refl"><span class="id" title="lemma">extends_refl</span></a>).<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;T_App&nbsp;*)</span><br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_AppAbs&nbsp;*)</span> <span class="id" title="tactic">∃</span> <span class="id" title="var">ST</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht<sub>1</sub></span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">split</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">split</span>... <span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.substitution_preserves_typing"><span class="id" title="lemma">substitution_preserves_typing</span></a>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_App1&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_App2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt2</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>5</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>5</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Succ&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Succ&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Pred&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_Pred&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;T_Mult&nbsp;*)</span><br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Mult1&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Mult2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt2</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>5</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>5</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_If<sub>0</sub>&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;ST_If0_1&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>. <span class="id" title="tactic">split</span>...<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;T_Ref&nbsp;*)</span><br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_RefValue&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> (<span class="id" title="var">ST</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <span class="id" title="var">T<sub>1</sub></span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">HST</span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.extends_app"><span class="id" title="lemma">extends_app</span></a>. }<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">split</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;{ <span class="id" title="tactic">replace</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <span class="id" title="var">T<sub>1</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="keyword">with</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#length"><span class="id" title="abbreviation">length</span></a> <span class="id" title="var">st</span>) (<span class="id" title="var">ST</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#bc347c51eaf667706ae54503b26d52c<sub>6</sub>"><span class="id" title="notation">++</span></a> <span class="id" title="var">T<sub>1</sub></span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#::list_scope:x_'::'_x"><span class="id" title="notation">::</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>)<a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{ <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.T_Loc"><span class="id" title="constructor">T_Loc</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> &lt;- <span class="id" title="var">H</span>. <span class="id" title="tactic">rewrite</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Lists.List.html#app_length"><span class="id" title="lemma">app_length</span></a>, <a class="idref" href="http://coq.inria.fr/library//Coq.Arith.PeanoNat.html#Nat.add_comm"><span class="id" title="lemma">add_comm</span></a>. <span class="id" title="tactic">simpl</span>. <span class="id" title="var">lia</span>. }<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a>. <span class="id" title="tactic">rewrite</span> &lt;- <span class="id" title="var">H</span>. <span class="id" title="tactic">rewrite</span> <a class="idref" href="References.html#STLCRef.nth_eq_last"><span class="id" title="lemma">nth_eq_last</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">reflexivity</span>. }<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.store_well_typed_app"><span class="id" title="lemma">store_well_typed_app</span></a>; <span class="id" title="tactic">assumption</span>.<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Ref&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;T_Deref&nbsp;*)</span><br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_DerefLoc&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST</span>. <span class="id" title="tactic">split</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">split</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">HST</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">_</span> <span class="id" title="var">Hsty</span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">replace</span> <span class="id" title="var">T<sub>1</sub></span> <span class="id" title="keyword">with</span> (<a class="idref" href="References.html#STLCRef.store_Tlookup"><span class="id" title="definition">store_Tlookup</span></a> <span class="id" title="var">l</span> <span class="id" title="var">ST</span>).<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">apply</span> <span class="id" title="var">Hsty</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht</span>; <span class="id" title="tactic">subst</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Deref&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;T_Assign&nbsp;*)</span><br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Assign&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST</span>. <span class="id" title="tactic">split</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">split</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.assign_pres_store_typing"><span class="id" title="lemma">assign_pres_store_typing</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht<sub>1</sub></span>; <span class="id" title="tactic">subst</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Assign1&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>0</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>0</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;ST_Assign2&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <span class="id" title="var">IHHt2</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>5</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">H<sub>5</sub></span> <span class="id" title="keyword">as</span> [<span class="id" title="var">ST'</span> [<span class="id" title="var">Hext</span> [<span class="id" title="var">Hty</span> <span class="id" title="var">Hsty</span>]]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <span class="id" title="var">ST'</span>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab415"></a><h4 class="section">Exercise: 3 stars, standard (preservation_informal)</h4>
 Write a careful informal proof of the preservation theorem,
    concentrating on the <span class="inlinecode"><span class="id" title="var">T_App</span></span>, <span class="inlinecode"><span class="id" title="var">T_Deref</span></span>, <span class="inlinecode"><span class="id" title="var">T_Assign</span></span>, and <span class="inlinecode"><span class="id" title="var">T_Ref</span></span>
    cases.

<div class="paragraph"> </div>

<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span><br/>
 
</div>
<div class="code">

<span class="comment">(*&nbsp;Do&nbsp;not&nbsp;modify&nbsp;the&nbsp;following&nbsp;line:&nbsp;*)</span><br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.manual_grade_for_preservation_informal" class="idref" href="#STLCRef.manual_grade_for_preservation_informal"><span class="id" title="definition">manual_grade_for_preservation_informal</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#option"><span class="id" title="inductive">option</span></a> (<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nat"><span class="id" title="inductive">nat</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#11c698c8685bb8ab1cf725545c085ac<sub>4</sub>"><span class="id" title="notation">×</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Strings.String.html#string"><span class="id" title="inductive">string</span></a>) := <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#None"><span class="id" title="constructor">None</span></a>.<br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab416"></a><h2 class="section">Progress</h2>

<div class="paragraph"> </div>

 As we've said, progress for this system is pretty easy to prove;
    the proof is very similar to the proof of progress for the STLC,
    with a few new cases for the new syntactic constructs. 
</div>
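<div class="doc">
 The following is an added example, not part of the Software Foundations
    text or its Coq development: a small Python model of the same calculus,
    with terms, types and stores encoded as tagged tuples and with
    <span class="inlinecode">step</span>, <span class="inlinecode">has_type</span>,
    <span class="inlinecode">store_well_typed</span> and
    <span class="inlinecode">progress</span> as this example's own names,
    that checks the progress property on concrete terms.  It follows the
    rules named in the proof below: <span class="inlinecode">ST_DerefLoc</span>
    and <span class="inlinecode">ST_Assign</span> fire only when the location
    is inside the store, and the <span class="inlinecode">T_Deref</span> case
    of the proof obtains exactly that bound from
    <span class="inlinecode">T_Loc</span> (<span class="inlinecode">l &lt; length ST</span>)
    together with <span class="inlinecode">store_well_typed</span>
    (<span class="inlinecode">length ST = length st</span>).  The
    <span class="inlinecode">dangling_deref</span> function shows what that
    bound rules out: a location at or beyond the end of the store is stuck if
    stepped, and the typing rules reject it before it can be stepped.
</div>

```python
# Added example (not from the Software Foundations text): a tagged-tuple model
# of STLCRef terms, types and stores with its step relation and typing rules.
NAT, UNIT = ("Nat",), ("Unit",)
def Arrow(a, b): return ("Arrow", a, b)
def Ref(a): return ("Ref", a)
def is_value(t): return t[0] in ("abs", "const", "unit", "loc")

def subst(x, s, t):
    """[x:=s]t for a closed value s, so no variable capture can occur."""
    if t[0] == "var": return s if t[1] == x else t
    if t[0] == "abs":                         # stop at a binder that shadows x
        return t if t[1] == x else ("abs", t[1], t[2], subst(x, s, t[3]))
    if t[0] in ("const", "unit", "loc"):
        return t
    return (t[0],) + tuple(subst(x, s, u) for u in t[1:])

def congr(t, i, st):
    """Congruence rule: step the i-th subterm of t; None if it is stuck."""
    r = step(t[i], st)
    return None if r is None else (t[:i] + (r[0],) + t[i + 1:], r[1])

def step(t, st):
    """One step t / st --> t' / st'; None if t is a value or stuck (e.g. !(loc l) with l >= length st)."""
    tag, sub = t[0], t[1:]
    if tag == "app":
        if sub[0][0] == "abs" and is_value(sub[1]):                  # ST_AppAbs
            return subst(sub[0][1], sub[1], sub[0][3]), st
        return congr(t, 2, st) if is_value(sub[0]) else congr(t, 1, st)
    if tag in ("succ", "pred") and sub[0][0] == "const":             # nat pred stops at 0
        return ("const", sub[0][1] + 1 if tag == "succ" else max(sub[0][1] - 1, 0)), st
    if tag == "mult" and sub[0][0] == "const" and sub[1][0] == "const":
        return ("const", sub[0][1] * sub[1][1]), st
    if tag == "if0" and sub[0][0] == "const":
        return (sub[1] if sub[0][1] == 0 else sub[2]), st
    if tag == "ref" and is_value(sub[0]):                            # ST_RefValue: fresh cell
        return ("loc", len(st)), st + [sub[0]]
    if tag == "deref" and sub[0][0] == "loc":                        # ST_DerefLoc: l < length st
        l = sub[0][1]
        return (st[l], st) if l < len(st) else None
    if tag == "assign" and sub[0][0] == "loc" and is_value(sub[1]):  # ST_Assign: l < length st
        l = sub[0][1]
        return (("unit",), st[:l] + [sub[1]] + st[l + 1:]) if l < len(st) else None
    if tag in ("mult", "assign") and is_value(sub[0]):               # right congruence
        return congr(t, 2, st)
    if tag in ("succ", "pred", "mult", "if0", "ref", "deref", "assign"):
        return congr(t, 1, st)                                       # left congruence
    return None                                                      # values do not step

def has_type(G, ST, t):
    """Type of t under context G and store typing ST; TypeError if none."""
    tag, ty = t[0], lambda u: has_type(G, ST, u)
    if tag == "var":   return G[t[1]]
    if tag == "const": return NAT
    if tag == "unit":  return UNIT
    if tag == "abs":   return Arrow(t[2], has_type({**G, t[1]: t[2]}, ST, t[3]))
    if tag == "ref":   return Ref(ty(t[1]))
    if tag == "loc":                              # T_Loc: only locations inside ST
        if t[1] >= len(ST): raise TypeError("T_Loc: location outside the store typing")
        return Ref(ST[t[1]])
    Ts = [ty(u) for u in t[1:]]
    if tag in ("succ", "pred", "mult") and all(T == NAT for T in Ts): return NAT
    if tag == "if0" and Ts[0] == NAT and Ts[1] == Ts[2]: return Ts[1]
    if tag == "app" and Ts[0][0] == "Arrow" and Ts[0][1] == Ts[1]: return Ts[0][2]
    if tag == "deref" and Ts[0][0] == "Ref": return Ts[0][1]
    if tag == "assign" and Ts[0] == Ref(Ts[1]): return UNIT
    raise TypeError(f"no typing rule applies to {tag}")

def typable(ST, t):
    try: has_type({}, ST, t); return True
    except TypeError: return False
def store_well_typed(ST, st):
    """length ST = length st and every cell has the type ST records for it."""
    return len(ST) == len(st) and all(has_type({}, ST, v) == T for T, v in zip(ST, st))

def progress(ST, t, st):
    """Progress on one term: well-typed closed t in a well-typed store is a value or steps."""
    has_type({}, ST, t)                                   # raises if t is ill typed
    assert store_well_typed(ST, st), "store does not match its store typing"
    r = "value" if is_value(t) else step(t, st)
    assert r is not None, "stuck term: progress would be violated"
    return r

def run(ST, t, st):
    """Iterate progress to a value, extending ST when ref allocates (preservation's ST')."""
    while not is_value(t):
        t, st2 = progress(ST, t, st)
        ST, st = ST + [has_type({}, ST, v) for v in st2[len(st):]], st2
    return t, st, ST

# Constructed sample: (\x:Ref Nat, (\y:Unit, !x) (x := succ !x)) (ref 3)
SAMPLE = ("app", ("abs", "x", Ref(NAT),
                  ("app", ("abs", "y", UNIT, ("deref", ("var", "x"))),
                          ("assign", ("var", "x"), ("succ", ("deref", ("var", "x")))))),
          ("ref", ("const", 3)))
def sample_result(): return run([], SAMPLE, [])
def dangling_deref():
    """!(loc 5) against a one-cell store: (typable, stuck)."""
    t, st = ("deref", ("loc", 5)), [("const", 1)]
    return typable([NAT], t), not is_value(t) and step(t, st) is None
```

<div class="doc">
 <span class="inlinecode">run</span> re-checks typing and store
    well-typedness before every step, so it also observes the preservation
    theorem above on the way to a value: whenever
    <span class="inlinecode">ref</span> allocates a cell it extends the store
    typing with that cell's type, which is the
    <span class="inlinecode">ST'</span> that preservation produces.  A store
    typing shorter than the store, or a location at or beyond its length,
    makes <span class="inlinecode">progress</span> report a type error rather
    than a stuck term, which is the same division of labour as in the Coq
    proof: the <span class="inlinecode">l &lt; length st</span> side condition
    of <span class="inlinecode">ST_DerefLoc</span> is discharged from the
    typing hypotheses, never from the term alone.
</div>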
<div class="code">

<span class="id" title="keyword">Theorem</span> <a id="STLCRef.progress" class="idref" href="#STLCRef.progress"><span class="id" title="lemma">progress</span></a> : <span class="id" title="keyword">∀</span> <a id="ST:244" class="idref" href="#ST:244"><span class="id" title="binder">ST</span></a> <a id="t:245" class="idref" href="#t:245"><span class="id" title="binder">t</span></a> <a id="T:246" class="idref" href="#T:246"><span class="id" title="binder">T</span></a> <a id="st:247" class="idref" href="#st:247"><span class="id" title="binder">st</span></a>,<br/>
&nbsp;&nbsp;<span class="id" title="definition">empty</span> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#ST:244"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#t:245"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:246"><span class="id" title="variable">T</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.store_well_typed"><span class="id" title="definition">store_well_typed</span></a> <a class="idref" href="References.html#ST:244"><span class="id" title="variable">ST</span></a> <a class="idref" href="References.html#st:247"><span class="id" title="variable">st</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.value"><span class="id" title="inductive">value</span></a> <a class="idref" href="References.html#t:245"><span class="id" title="variable">t</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#f031fe1957c4a4a8e217aa46af2b4e<sub>25</sub>"><span class="id" title="notation">∨</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="t':248" class="idref" href="#t':248"><span class="id" title="binder">t'</span></a> <a id="st':249" class="idref" href="#st':249"><span class="id" title="binder">st'</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#t:245"><span class="id" title="variable">t</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st:247"><span class="id" title="variable">st</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span></span></a> <a class="idref" href="References.html#t':248"><span class="id" title="variable">t'</span></a> <a class="idref" href="References.html#52c1db39972e4cbec4580651bf814ae<sub>4</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="References.html#st':249"><span class="id" title="variable">st'</span></a><a class="idref" 
href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">)</span></a>.<br/>
<div class="togglescript" id="proofcontrol15" onclick="toggleDisplay('proof15');toggleDisplay('proofcontrol15')"><span class="show"></span></div>
<div class="proofscript" id="proof15" onclick="toggleDisplay('proof15');toggleDisplay('proofcontrol15')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">intros</span> <span class="id" title="var">ST</span> <span class="id" title="var">t</span> <span class="id" title="var">T</span> <span class="id" title="var">st</span> <span class="id" title="var">Ht</span> <span class="id" title="var">HST</span>. <span class="id" title="var">remember</span> <span class="id" title="definition">empty</span> <span class="id" title="keyword">as</span> <span class="id" title="var">Gamma</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">induction</span> <span class="id" title="var">Ht</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">solve_by_invert</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_App&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">solve_by_invert</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt2</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht2p</span> | <span class="id" title="var">Ht2p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>2</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht2p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>2</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a> <span class="id" title="var">x<sub>0</sub></span> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a> <span class="id" title="var">T<sub>0</sub></span><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <span class="id" title="var">t<sub>0</sub></span><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <span class="id" title="var">t<sub>2</sub>'</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Succ&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">solve</span> [ <span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht</span> ].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;const&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#S"><span class="id" title="constructor">S</span></a> <span class="id" title="var">n</span><a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'succ'_x"><span class="id" title="notation">succ</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Pred&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">solve</span> [<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht</span> ].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;const&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><span class="id" title="var">n</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#::nat_scope:x_'-'_x"><span class="id" title="notation">-</span></a> 1<a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'pred'_x"><span class="id" title="notation">pred</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Mult&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">solve</span> [<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht<sub>1</sub></span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt2</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht2p</span> | <span class="id" title="var">Ht2p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>2</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht2p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">solve</span> [<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht<sub>2</sub></span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">{</span></a><span class="id" title="var">n</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Nat.html#ea2ff3d561159081cea6fb2e8113cc<sub>54</sub>"><span class="id" title="notation">×</span></a> <span class="id" title="var">n<sub>0</sub></span><a class="idref" href="References.html#4fd5514b3ffd220ca15884061cca2343"><span class="id" title="notation">}</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>2</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht2p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>2</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <span class="id" title="var">n</span> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <span class="id" title="var">t<sub>2</sub>'</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <a class="idref" href="References.html#aefa1df20f40a8331bf6423412f1c115"><span class="id" title="notation">×</span></a> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_If<sub>0</sub>&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="tactic">solve</span> [<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht<sub>1</sub></span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">n</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;n&nbsp;=&nbsp;0&nbsp;*)</span> <span class="id" title="tactic">∃</span> <span class="id" title="var">t<sub>2</sub></span>, <span class="id" title="var">st</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;n&nbsp;=&nbsp;S&nbsp;n'&nbsp;*)</span> <span class="id" title="tactic">∃</span> <span class="id" title="var">t<sub>3</sub></span>, <span class="id" title="var">st</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">if<sub>0</sub></span></a> <span class="id" title="var">t<sub>1</sub>'</span> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">then</span></a> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#STLCRef.:stlc::'if<sub>0</sub>'_x_'then'_x_'else'_x"><span class="id" title="notation">else</span></a> <span class="id" title="var">t<sub>3</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Ref&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a><a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <span class="id" title="var">t<sub>1</sub>'</span><a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Deref&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span> | <span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">solve_by_invert</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.ST_DerefLoc"><span class="id" title="constructor">ST_DerefLoc</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht</span>; <span class="id" title="tactic">subst</span>. <span class="id" title="tactic">inversion</span> <span class="id" title="var">HST</span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> &lt;- <span class="id" title="var">H</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;- <span class="comment">(*&nbsp;T_Assign&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">right</span>. <span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt1</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht1p</span>|<span class="id" title="var">Ht1p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">IHHt2</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">Ht2p</span>|<span class="id" title="var">Ht2p</span>]...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>2</sub>&nbsp;is&nbsp;a&nbsp;value&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht1p</span>; <span class="id" title="tactic">subst</span>; <span class="id" title="tactic">try</span> <span class="id" title="var">solve_by_invert</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.ST_Assign"><span class="id" title="constructor">ST_Assign</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">inversion</span> <span class="id" title="var">HST</span>; <span class="id" title="tactic">subst</span>. <span class="id" title="tactic">inversion</span> <span class="id" title="var">Ht<sub>1</sub></span>; <span class="id" title="tactic">subst</span>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="var">H</span> <span class="id" title="keyword">in</span> <span class="id" title="var">H<sub>4</sub></span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;× <span class="comment">(*&nbsp;t<sub>2</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht2p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>2</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <span class="id" title="var">t<sub>1</sub></span> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <span class="id" title="var">t<sub>2</sub>'</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;+ <span class="comment">(*&nbsp;t<sub>1</sub>&nbsp;steps&nbsp;*)</span><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">destruct</span> <span class="id" title="var">Ht1p</span> <span class="id" title="keyword">as</span> [<span class="id" title="var">t<sub>1</sub>'</span> [<span class="id" title="var">st'</span> <span class="id" title="var">Hstep</span>]].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">∃</span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <span class="id" title="var">t<sub>1</sub>'</span> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <span class="id" title="var">t<sub>2</sub></span> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>, <span class="id" title="var">st'</span>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
<a id="lab417"></a><h1 class="section">References and Nontermination</h1>

<div class="paragraph"> </div>

 An important fact about the STLC (proved in chapter <a href="Norm.html"><span class="inlineref">Norm</span></a>) is
    that it is <i>normalizing</i> -- that is, every well-typed term can
    be reduced to a value in a finite number of steps.

<div class="paragraph"> </div>

    What about STLC + references?  Surprisingly, adding references
    causes us to lose the normalization property: there exist
    well-typed terms in the STLC + references which can continue to
    reduce forever, without ever reaching a normal form!

<div class="paragraph"> </div>

    How can we construct such a term?  The main idea is to make a
    function which calls itself.  We first make a function which calls
    another function stored in a reference cell; the trick is that we
    then smuggle in a reference to itself!
<pre>
   (\r:Ref (Unit <span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:5%;'><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span> Unit).
        r := (\x:Unit.(!r) unit); (!r) unit)
   (ref (\x:Unit.unit))
</pre>
   First, <span class="inlinecode"><span class="id" title="var">ref</span></span> <span class="inlinecode">(\<span class="id" title="var">x</span>:<span class="id" title="var">Unit.unit</span>)</span> creates a reference to a cell of type
   <span class="inlinecode"><span class="id" title="var">Unit</span></span> <span class="inlinecode">→</span> <span class="inlinecode"><span class="id" title="var">Unit</span></span>.  We then pass this reference as the argument to a
   function which binds it to the name <span class="inlinecode"><span class="id" title="var">r</span></span>, and assigns to it the
   function <span class="inlinecode">\<span class="id" title="var">x</span>:<span class="id" title="var">Unit</span>.(!<span class="id" title="var">r</span>)</span> <span class="inlinecode"><span class="id" title="var">unit</span></span> -- that is, the function which ignores
   its argument and calls the function stored in <span class="inlinecode"><span class="id" title="var">r</span></span> on the argument
   <span class="inlinecode"><span class="id" title="var">unit</span></span>; but of course, that function is itself!  To start the
   divergent loop, we execute the function stored in the cell by
   evaluating <span class="inlinecode">(!<span class="id" title="var">r</span>)</span> <span class="inlinecode"><span class="id" title="var">unit</span></span>.

<div class="paragraph"> </div>

   Here is the divergent term in Coq: 
</div>
<div class="code">

<span class="id" title="keyword">Module</span> <a id="STLCRef.ExampleVariables" class="idref" href="#STLCRef.ExampleVariables"><span class="id" title="module">ExampleVariables</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Open</span> <span class="id" title="keyword">Scope</span> <span class="id" title="var">string_scope</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.ExampleVariables.x" class="idref" href="#STLCRef.ExampleVariables.x"><span class="id" title="definition">x</span></a> := "x".<br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.ExampleVariables.y" class="idref" href="#STLCRef.ExampleVariables.y"><span class="id" title="definition">y</span></a> := "y".<br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.ExampleVariables.r" class="idref" href="#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a> := "r".<br/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.ExampleVariables.s" class="idref" href="#STLCRef.ExampleVariables.s"><span class="id" title="definition">s</span></a> := "s".<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">End</span> <a class="idref" href="References.html#STLCRef.ExampleVariables"><span class="id" title="module">ExampleVariables</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Module</span> <a id="STLCRef.RefsAndNontermination" class="idref" href="#STLCRef.RefsAndNontermination"><span class="id" title="module">RefsAndNontermination</span></a>.<br/>
<span class="id" title="keyword">Import</span> <span class="id" title="var">ExampleVariables</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.RefsAndNontermination.loop_fun" class="idref" href="#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a> :=<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.x"><span class="id" title="definition">x</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.RefsAndNontermination.loop" class="idref" href="#STLCRef.RefsAndNontermination.loop"><span class="id" title="definition">loop</span></a> :=<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Ref'_x"><span class="id" title="notation">Ref</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a> <a class="idref" href="References.html#STLCRef.:stlc::x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">((</span></a> <a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a> <a class="idref" href="References.html#c9336c07d043872f48e6c531eccadb3e"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a> <a class="idref" 
href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a><a class="idref" href="References.html#cd8fd2f0f5bd1b2ecea4cab15254e7e<sub>4</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">))</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'ref'_x"><span class="id" title="notation">ref</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.x"><span class="id" title="definition">x</span></a> <a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">:</span></a> <a 
class="idref" href="References.html#STLCRef.:stlc::'Unit'"><span class="id" title="notation">Unit</span></a><a class="idref" href="References.html#fcbb07911888b1a4b268f628a4d64735"><span class="id" title="notation">,</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">))</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> .<br/>
</div>

<div class="doc">
This term is well typed: 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.RefsAndNontermination.loop_typeable" class="idref" href="#STLCRef.RefsAndNontermination.loop_typeable"><span class="id" title="lemma">loop_typeable</span></a> : <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">∃</span></a> <a id="T:250" class="idref" href="#T:250"><span class="id" title="binder">T</span></a><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#a883bdd010993579f99d60b3775bcf54"><span class="id" title="notation">,</span></a> <span class="id" title="definition">empty</span><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop"><span class="id" title="definition">loop</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#T:250"><span class="id" title="variable">T</span></a>.<br/>
<div class="togglescript" id="proofcontrol16" onclick="toggleDisplay('proof16');toggleDisplay('proofcontrol16')"><span class="show"></span></div>
<div class="proofscript" id="proof16" onclick="toggleDisplay('proof16');toggleDisplay('proofcontrol16')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eexists</span>. <span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop"><span class="id" title="definition">loop</span></a>. <span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_App"><span class="id" title="constructor">T_App</span></a>...<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Abs"><span class="id" title="constructor">T_Abs</span></a>...<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_App"><span class="id" title="constructor">T_App</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Abs"><span class="id" title="constructor">T_Abs</span></a>. <span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_App"><span class="id" title="constructor">T_App</span></a>. <span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Deref"><span class="id" title="constructor">T_Deref</span></a>. <span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Var"><span class="id" title="constructor">T_Var</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_neq</span>; [|<span class="id" title="tactic">intros</span>; <span class="id" title="tactic">discriminate</span>].<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_eq</span>. <span class="id" title="tactic">reflexivity</span>. <span class="id" title="tactic">auto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Assign"><span class="id" title="constructor">T_Assign</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Var"><span class="id" title="constructor">T_Var</span></a>. <span class="id" title="tactic">rewrite</span> <span class="id" title="lemma">update_eq</span>. <span class="id" title="tactic">reflexivity</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Abs"><span class="id" title="constructor">T_Abs</span></a>.<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_App"><span class="id" title="constructor">T_App</span></a>...<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Deref"><span class="id" title="constructor">T_Deref</span></a>. <span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.T_Var"><span class="id" title="constructor">T_Var</span></a>. <span class="id" title="tactic">reflexivity</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>

<div class="doc">
To show formally that the term diverges, we first define the
    <span class="inlinecode"><span class="id" title="var">step_closure</span></span> of the single-step reduction relation, written
    <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>+</span>.  This is just like the reflexive step closure of
    single-step reduction (which we've been writing <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span>), except
    that it is not reflexive: <span class="inlinecode"><span class="id" title="var">t</span></span> <span class="inlinecode"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>+</span> <span class="inlinecode"><span class="id" title="var">t'</span></span> means that <span class="inlinecode"><span class="id" title="var">t</span></span> can reach
    <span class="inlinecode"><span class="id" title="var">t'</span></span> by <i>one or more</i> steps of reduction. 
</div>
<div class="code">

<span class="id" title="keyword">Inductive</span> <a id="STLCRef.RefsAndNontermination.step_closure" class="idref" href="#STLCRef.RefsAndNontermination.step_closure"><span class="id" title="inductive">step_closure</span></a> {<a id="X:251" class="idref" href="#X:251"><span class="id" title="binder">X</span></a>:<span class="id" title="keyword">Type</span>} (<a id="R:252" class="idref" href="#R:252"><span class="id" title="binder">R</span></a>: <a class="idref" href="Smallstep.html#relation"><span class="id" title="definition">relation</span></a> <a class="idref" href="References.html#X:251"><span class="id" title="variable">X</span></a>) : <span class="id" title="var">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="var">X</span> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <span class="id" title="keyword">Prop</span> :=<br/>
&nbsp;&nbsp;| <a id="STLCRef.RefsAndNontermination.sc_one" class="idref" href="#STLCRef.RefsAndNontermination.sc_one"><span class="id" title="constructor">sc_one</span></a>  : <span class="id" title="keyword">∀</span> (<a id="x:255" class="idref" href="#x:255"><span class="id" title="binder">x</span></a> <a id="y:256" class="idref" href="#y:256"><span class="id" title="binder">y</span></a> : <a class="idref" href="References.html#X:251"><span class="id" title="variable">X</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#R:252"><span class="id" title="variable">R</span></a> <a class="idref" href="References.html#x:255"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#y:256"><span class="id" title="variable">y</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#step_closure:253"><span class="id" title="inductive">step_closure</span></a> <a class="idref" href="References.html#R:252"><span class="id" title="variable">R</span></a> <a class="idref" href="References.html#x:255"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#y:256"><span class="id" title="variable">y</span></a><br/>
&nbsp;&nbsp;| <a id="STLCRef.RefsAndNontermination.sc_step" class="idref" href="#STLCRef.RefsAndNontermination.sc_step"><span class="id" title="constructor">sc_step</span></a> : <span class="id" title="keyword">∀</span> (<a id="x:257" class="idref" href="#x:257"><span class="id" title="binder">x</span></a> <a id="y:258" class="idref" href="#y:258"><span class="id" title="binder">y</span></a> <a id="z:259" class="idref" href="#z:259"><span class="id" title="binder">z</span></a> : <a class="idref" href="References.html#X:251"><span class="id" title="variable">X</span></a>),<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#R:252"><span class="id" title="variable">R</span></a> <a class="idref" href="References.html#x:257"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#y:258"><span class="id" title="variable">y</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#step_closure:253"><span class="id" title="inductive">step_closure</span></a> <a class="idref" href="References.html#R:252"><span class="id" title="variable">R</span></a> <a class="idref" href="References.html#y:258"><span class="id" title="variable">y</span></a> <a class="idref" href="References.html#z:259"><span class="id" title="variable">z</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Logic.html#::type_scope:x_'-&gt;'_x"><span class="id" title="notation">→</span></a><br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a class="idref" href="References.html#step_closure:253"><span class="id" title="inductive">step_closure</span></a> <a class="idref" href="References.html#R:252"><span class="id" title="variable">R</span></a> <a class="idref" href="References.html#x:257"><span class="id" title="variable">x</span></a> <a class="idref" href="References.html#z:259"><span class="id" title="variable">z</span></a>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Definition</span> <a id="STLCRef.RefsAndNontermination.multistep1" class="idref" href="#STLCRef.RefsAndNontermination.multistep1"><span class="id" title="definition">multistep1</span></a> := (<a class="idref" href="References.html#STLCRef.RefsAndNontermination.step_closure"><span class="id" title="inductive">step_closure</span></a> <a class="idref" href="References.html#STLCRef.step"><span class="id" title="inductive">step</span></a>).<br/>
<span class="id" title="keyword">Notation</span> <a id="dbc1aeef4a1c2f64067901a68c938858" class="idref" href="#dbc1aeef4a1c2f64067901a68c938858"><span class="id" title="notation">&quot;</span></a>t<sub>1</sub> '/' st '<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>+' t<sub>2</sub> '/' st'" :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<a class="idref" href="References.html#STLCRef.RefsAndNontermination.multistep1"><span class="id" title="definition">multistep1</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t<sub>1</sub></span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">(</span></a><span class="id" title="var">t<sub>2</sub></span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">,</span></a><span class="id" title="var">st'</span><a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#e6756e10c36f149b18b4a8741ed83079"><span class="id" title="notation">)</span></a>)<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(<span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 40, <span class="id" title="var">st</span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39, <span class="id" title="var">t<sub>2</sub></span> <span class="id" title="tactic">at</span> <span class="id" title="keyword">level</span> 39).<br/>
</div>

<div class="doc">
Now, we can show that the expression <span class="inlinecode"><span class="id" title="var">loop</span></span> reduces to the
    expression <span class="inlinecode">!(<span class="id" title="var">loc</span></span> <span class="inlinecode">0)</span> <span class="inlinecode"><span class="id" title="var">unit</span></span> and the size-one store
    <span class="inlinecode">[<span class="id" title="var">r</span>:=(<span class="id" title="var">loc</span></span> <span class="inlinecode">0)]<span class="id" title="var">loop_fun</span></span>. 
<div class="paragraph"> </div>

 As a convenience, we introduce a slight variant of the <span class="inlinecode"><span class="id" title="var">normalize</span></span>
    tactic, called <span class="inlinecode"><span class="id" title="var">reduce</span></span>, which tries solving the goal with
    <span class="inlinecode"><span class="id" title="var">multi_refl</span></span> at each step, instead of waiting until the goal can't
    be reduced any more. Of course, the whole point is that <span class="inlinecode"><span class="id" title="var">loop</span></span>
    doesn't normalize, so the old <span class="inlinecode"><span class="id" title="var">normalize</span></span> tactic would just go
    into an infinite loop reducing it forever! 
</div>
<div class="code">

<span class="id" title="keyword">Ltac</span> <span class="id" title="var">print_goal</span> := <span class="id" title="keyword">match</span> <span class="id" title="keyword">goal</span> <span class="id" title="keyword">with</span> &#x22A2; ?<span class="id" title="var">x</span> ⇒ <span class="id" title="tactic">idtac</span> <span class="id" title="var">x</span> <span class="id" title="keyword">end</span>.<br/>
<span class="id" title="keyword">Ltac</span> <span class="id" title="var">reduce</span> :=<br/>
&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">repeat</span> (<span class="id" title="var">print_goal</span>; <span class="id" title="tactic">eapply</span> <a class="idref" href="Smallstep.html#multi_step"><span class="id" title="constructor">multi_step</span></a> ;<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[ (<span class="id" title="tactic">eauto</span> 10; <span class="id" title="tactic">fail</span>) | (<span class="id" title="tactic">instantiate</span>; <span class="id" title="tactic">compute</span>)];<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="id" title="tactic">try</span> <span class="id" title="tactic">solve</span> [<span class="id" title="tactic">apply</span> <a class="idref" href="Smallstep.html#multi_refl"><span class="id" title="constructor">multi_refl</span></a>]).<br/>
</div>

<div class="doc">
Next, we use <span class="inlinecode"><span class="id" title="var">reduce</span></span> to show that <span class="inlinecode"><span class="id" title="var">loop</span></span> steps to
    <span class="inlinecode">!(<span class="id" title="var">loc</span></span> <span class="inlinecode">0)</span> <span class="inlinecode"><span class="id" title="var">unit</span></span>, starting from the empty store. 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.RefsAndNontermination.loop_steps_to_loop_fun" class="idref" href="#STLCRef.RefsAndNontermination.loop_steps_to_loop_fun"><span class="id" title="lemma">loop_steps_to_loop_fun</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop"><span class="id" title="definition">loop</span></a> <a class="idref" href="References.html#b287434a45944b52264023e0222ca7a<sub>2</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a> <a class="idref" href="References.html#b287434a45944b52264023e0222ca7a<sub>2</sub>"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span></span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> 0<a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">))</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#b287434a45944b52264023e0222ca7a<sub>2</sub>"><span class="id" title="notation">/</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#cons"><span class="id" title="constructor">cons</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> 0<a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" 
title="notation">]</span></a> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>.<br/>
<span class="id" title="keyword">Proof</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop"><span class="id" title="definition">loop</span></a>.<br/>
&nbsp;&nbsp;<span class="id" title="var">reduce</span>.<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>

<div class="doc">
Finally, we show that the latter expression reduces in
    two steps to itself! 
</div>
<div class="code">

<span class="id" title="keyword">Lemma</span> <a id="STLCRef.RefsAndNontermination.loop_fun_step_self" class="idref" href="#STLCRef.RefsAndNontermination.loop_fun_step_self"><span class="id" title="lemma">loop_fun_step_self</span></a> :<br/>
&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> 0<a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">))</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#dbc1aeef4a1c2f64067901a68c938858"><span class="id" title="notation">/</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#cons"><span class="id" title="constructor">cons</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> 0<a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" 
title="notation">]</span></a> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a> <a class="idref" href="References.html#dbc1aeef4a1c2f64067901a68c938858"><span class="id" title="notation"><span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span>&gt;</span></span>+</span></a><br/>
&nbsp;&nbsp;<a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#70f28e5c58264a9753710970e9df6ba<sub>2</sub>"><span class="id" title="notation">!</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> 0<a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">))</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'unit'"><span class="id" title="notation">unit</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="References.html#dbc1aeef4a1c2f64067901a68c938858"><span class="id" title="notation">/</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#cons"><span class="id" title="constructor">cons</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">&lt;{</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">[</span></a><a class="idref" href="References.html#STLCRef.ExampleVariables.r"><span class="id" title="definition">r</span></a> <a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" title="notation">:=</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'loc'_x"><span class="id" title="notation">loc</span></a> 0<a class="idref" href="References.html#b811d80014e4babd27a16e96fb5faa5f"><span class="id" 
title="notation">]</span></a> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a> <a class="idref" href="References.html#35fac1f60887e7b37d44f938e80b2dc<sub>6</sub>"><span class="id" title="notation">}&gt;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a>.<br/>
<div class="togglescript" id="proofcontrol17" onclick="toggleDisplay('proof17');toggleDisplay('proofcontrol17')"><span class="show"></span></div>
<div class="proofscript" id="proof17" onclick="toggleDisplay('proof17');toggleDisplay('proofcontrol17')">
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">unfold</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.loop_fun"><span class="id" title="definition">loop_fun</span></a>; <span class="id" title="tactic">simpl</span>.<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.sc_step"><span class="id" title="constructor">sc_step</span></a>. <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.ST_App1"><span class="id" title="constructor">ST_App1</span></a>...<br/>
&nbsp;&nbsp;<span class="id" title="tactic">eapply</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.sc_one"><span class="id" title="constructor">sc_one</span></a>. <span class="id" title="tactic">compute</span>. <span class="id" title="tactic">apply</span> <a class="idref" href="References.html#STLCRef.ST_AppAbs"><span class="id" title="constructor">ST_AppAbs</span></a>...<br/>
<span class="id" title="keyword">Qed</span>.<br/>
</div>
</div>
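<div class="doc">
The knot that the two lemmas above trace, written out as an added Python example rather than the chapter's Coq: the store is a nat-indexed list, <span class="inlinecode">loop_fun</span> reads <span class="inlinecode">r</span> at call time, and a fuel budget stands in for the observation that <span class="inlinecode">normalize</span> would run forever. <span class="inlinecode">Store</span>, <span class="inlinecode">FuelExhausted</span> and <span class="inlinecode">evaluate_loop</span> are names chosen for this example, not definitions from the chapter.
</div>

```python
# Added example (not part of the chapter): the chapter's `loop` term modelled in
# Python with an explicit nat-indexed store, to show that the back-patched
# reference, not any fixpoint operator, is what makes evaluation diverge.
# `Store`, `FuelExhausted` and `evaluate_loop` are names chosen here.

class FuelExhausted(Exception):
    """Raised when the evaluation budget is spent: the term has not normalized."""


class Store:
    """A store is a list of cells; location n is the cell at index n,
    so `ref v` on a store of size n yields `loc n` (as in the chapter)."""

    def __init__(self):
        self.cells = []

    def ref(self, v):
        """ref v: allocate a fresh cell holding v and return its location."""
        self.cells.append(v)
        return len(self.cells) - 1

    def deref(self, loc):
        """!loc"""
        return self.cells[loc]

    def assign(self, loc, v):
        """loc := v"""
        self.cells[loc] = v


def evaluate_loop(fuel, tie_knot=True):
    """Evaluate   let r = ref (\\x:Nat. unit) in r := (\\x:Nat. (!r) unit); (!r) unit
    with a budget of `fuel` applications of loop_fun.

    Returns (status, applications, store_size), where status is "diverged"
    if the budget ran out and "normalized" if a value was reached.
    With tie_knot=False the assignment r := loop_fun is skipped, so (!r) unit
    just applies the initial \\x:Nat. unit and the term normalizes at once.
    Keep `fuel` well below Python's recursion limit: every application of
    loop_fun nests one more call frame."""
    st = Store()
    applications = [0]

    unit = None                                   # the value `unit`
    r = st.ref(lambda x: unit)                    # r = loc 0, holding \x:Nat. unit

    def loop_fun(x):                              # \x:Nat. (!r) unit
        applications[0] += 1
        if applications[0] > fuel:
            raise FuelExhausted(applications[0])
        return st.deref(r)(unit)                  # (!r) unit: reads r at call time

    if tie_knot:
        st.assign(r, loop_fun)                    # r := loop_fun (Landin's knot)

    try:
        st.deref(r)(unit)                         # (!r) unit
        status = "normalized"
    except FuelExhausted:
        status = "diverged"
    return status, applications[0], len(st.cells)


if __name__ == "__main__":
    print(evaluate_loop(fuel=20))                  # ('diverged', 21, 1)
    print(evaluate_loop(fuel=20, tie_knot=False))  # ('normalized', 0, 1)
```

The store stays at size one throughout, matching the lemma's store <span class="inlinecode">[r:=(loc 0)]loop_fun :: nil</span>; the budget is the practical counterpart of the lemma, since type safety for references says nothing about termination.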

<div class="doc">
<a id="lab418"></a><h4 class="section">Exercise: 4 stars, standard (factorial_ref)</h4>
 Use the above ideas to implement a factorial function in STLC with
    references.  (There is no need to prove formally that it really
    behaves like the factorial.  Just uncomment the example below to make
    sure it gives the correct result when applied to the argument
    <span class="inlinecode">4</span>.) 
</div>
<div class="code">

<span class="id" title="keyword">Definition</span> <a id="STLCRef.RefsAndNontermination.factorial" class="idref" href="#STLCRef.RefsAndNontermination.factorial"><span class="id" title="definition">factorial</span></a> : <a class="idref" href="References.html#STLCRef.tm"><span class="id" title="inductive">tm</span></a><br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;REPLACE&nbsp;THIS&nbsp;LINE&nbsp;WITH&nbsp;":=&nbsp;_your_definition_&nbsp;."&nbsp;*)</span>. <span class="id" title="var">Admitted</span>.<br/><hr class='doublespaceincode'/>
<span class="id" title="keyword">Lemma</span> <a id="STLCRef.RefsAndNontermination.factorial_type" class="idref" href="#STLCRef.RefsAndNontermination.factorial_type"><span class="id" title="lemma">factorial_type</span></a> : <span class="id" title="definition">empty</span><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">;</span></a> <a class="idref" href="http://coq.inria.fr/library//Coq.Init.Datatypes.html#nil"><span class="id" title="constructor">nil</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">&#x22A2;</span></a> <a class="idref" href="References.html#STLCRef.RefsAndNontermination.factorial"><span class="id" title="axiom">factorial</span></a> <a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">\</span></a><a class="idref" href="References.html#ad9380196222cb7b7aaff08f043e41e<sub>2</sub>"><span class="id" title="notation">in</span></a> <a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">(</span></a><a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a> <a class="idref" href="References.html#STLCRef.:stlc::x_'-&gt;'_x"><span class="id" title="notation">→</span></a> <a class="idref" href="References.html#STLCRef.:stlc::'Nat'"><span class="id" title="notation">Nat</span></a><a class="idref" href="References.html#0975a85e562f22315b420c8d1c95dd<sub>06</sub>"><span class="id" title="notation">)</span></a>.<br/>
<span class="id" title="keyword">Proof</span> <span class="id" title="keyword">with</span> <span class="id" title="tactic">eauto</span>.<br/>
&nbsp;&nbsp;<span class="comment">(*&nbsp;FILL&nbsp;IN&nbsp;HERE&nbsp;*)</span> <span class="id" title="var">Admitted</span>.<br/>
</div>

<div class="doc">
If your definition is correct, you should be able to just
    uncomment the example below; the proof should be fully
    automatic using the <span class="inlinecode"><span class="id" title="var">reduce</span></span> tactic. 
</div>
<div class="code">

<span class="comment">(*&nbsp;<br/>
Lemma&nbsp;factorial_4&nbsp;:&nbsp;exists&nbsp;st,<br/>
&nbsp;&nbsp;&lt;{&nbsp;factorial&nbsp;4&nbsp;}&gt;&nbsp;/&nbsp;nil&nbsp;<span class="nowrap"><span style='font-size:85%;'><span style='vertical-align:6%;'><span style='letter-spacing:-.2em;'>-</span><span style='letter-spacing:-.2em;'>-</span></span><span style='letter-spacing:-.2em;'>&gt;</span><span style='vertical-align:15%;'>*</span></span></span>&nbsp;tm_const&nbsp;24&nbsp;/&nbsp;st.<br/>
Proof.<br/>
&nbsp;&nbsp;eexists.&nbsp;unfold&nbsp;factorial.&nbsp;reduce.<br/>
Qed.<br/>
*)</span><br/>
<font size=-2>&#9744;</font>
</div>


<div class="doc">
<a id="lab419"></a><h1 class="section">Additional Exercises</h1>

<div class="paragraph"> </div>

<a id="lab420"></a><h4 class="section">Exercise: 5 stars, standard, optional (garabage_collector)</h4>
 Challenge problem: modify our formalization to include an account
    of garbage collection, and prove that it satisfies whatever nice
    properties you can think to prove about it. 
<div class="paragraph"> </div>

 <font size=-2>&#9744;</font> 
</div>
<div class="code">

<span class="id" title="keyword">End</span> <a class="idref" href="References.html#STLCRef.RefsAndNontermination"><span class="id" title="module">RefsAndNontermination</span></a>.<br/>
<span class="id" title="keyword">End</span> <a class="idref" href="References.html#STLCRef"><span class="id" title="module">STLCRef</span></a>.<br/><hr class='doublespaceincode'/>
<span class="comment">(*&nbsp;2021-08-11&nbsp;15:11&nbsp;*)</span><br/>
</div>
</div>

<div id="footer">
<hr/><a href="coqindex.html">Index</a><hr/>This page has been generated by <a href="http://coq.inria.fr/">coqdoc</a>
</div>

</div>

</body>
</html>